237
Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 1 of 247 RMIT University Network Fundamentals EEET 2320 Workbook

Networking Fundamentals Lab Workbook

Embed Size (px)

Citation preview

Page 1: Networking Fundamentals Lab Workbook

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 1 of 247

RMIT University Network Fundamentals

EEET 2320 Workbook

Page 2: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 1. Applications of Network & View Internetworks

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 2 of 247

LAB 1

Applications of Network & View Internetworks

Page 3: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 1.2: Using Collaboration Tools—Wikis and Web Logs

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 10 of 247

1BLab 1.2: Using Collaboration Tools—Wikis and Web Logs

28BTopology Diagram

29BLearning Objectives Upon completion of this lab, you will be able to:

• Define the terms wiki and blog.

• Explore wiki features.

30BBackground 31BThe lab topology should be configured and ready for use. If there are connectivity issues with the lab computer connecting to Eagle Server, ask the instructor for assistance.

The topology diagram shows two computers connected to a “cloud.” In networking, a cloud is often used to symbolize a more complex network that is not the current focus of discussion. In this lab, you will use a host computer that connects across the cloud to access a Twiki. In subsequent chapters you will study in great detail the devices and protocols that are inside the cloud.

32BScenario In this lab, you will have the opportunity to learn about the different parts of a wiki. If you ever used Wikipedia, you are probably already familiar with the look and feel of a wiki. After using Wikipedia, with its rich content and flexible links, moving back to flat files may feel constricting and unsatisfying. To gain experience with a wiki, the TWiki wiki server installed on Eagle Server will be explored.

Task 1: Define the Terms Wiki and Blog.

Wikis “Wiki” is a Hawaiian-language word that means fast. In networking terms, a wiki is a web-based collaboration tool that permits almost anyone to immediately post information, files, or graphics to a common site for other users to read and modify. A wiki enables a person to access a home page (first page) that provides a search tool to assist you in locating the articles that interest you. A wiki can be installed for the internet community or behind a corporate firewall for employee

Page 4: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 1.2: Using Collaboration Tools—Wikis and Web Logs

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 11 of 247

use. The user not only reads wiki contents but also participates by creating content within a web browser. Although many different wiki servers are available, the following common features that have been formalized into every wiki:

• Any web browser can be used to edit pages or create new content.

• Edit and auto links are available to edit a page and automatically link pages. Text formatting is similar to creating an e-mail.

• A search engine is used for quick content location.

• Access control can be set by the topic creator, defining who is permitted to edit content.

• A wiki web is a grouping of pages with different collaboration groups. For more information on Wiki, visit the following URLs outside of class:

HTUhttp://www.wiki.org/wiki.cgi?WhatIsWikiUT

HTUhttp://www.wikispaces.com/UT

Blogs A web log, called a blog, is similar to a wiki in that users create and post content for others to read. Blogs are normally the creation of a single person and the blog owner controls blog content. Some blogs permit users to leave comments and provide feedback to the author while others are more restrictive. Free internet blog hosting is available, similar to a free web site or e-mail account, such as HTUwww.blogger.com UTH.

Task 2: Explore Wiki Features with Twiki Tutorial.

The Twiki tutorial consists of exploring some of the more common features of a wiki. Listed below are the major topics covered in the tutorial:

20-Minute TWiki Tutorial

1. Get set...

2. Take a quick tour...

3. Open a private account…

4. Check out TWiki users, groups.

5. Test the page controls...

6. Change a page, and create a new one...

7. Use your browser to upload files as page attachments...

8. Get e-mail alerts whenever pages are changed... As each topic in the tutorial is investigated, complete the questions in this task. The exception is “3. Open a private account…”. Twiki requires email verification for new accounts, and email has not been configured on the lab host computers. Instead, users have already been created for steps that require login privileges. The power of a wiki is in the rich hyperlink content. Following hyperlinks can present continuity problems. It is recommended to open two browsers. Point one browser at the Twiki URL, and

Page 5: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 1.2: Using Collaboration Tools—Wikis and Web Logs

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 12 of 247

use the other browser for ‘working’ pages. Adjust the browser window sizes so that instructions can be viewed in one browser while actions can be performed in the other. Any external links that are selected will result in an error.

Step 1: Establish a web client connection to Eagle Server wiki.

Open a web browser and connect to the TWiki Sandbox, URL http://eagle-server.example.com/twiki/bin/view/Sandbox/WebHome. The URL name is case sensitive, and

must be typed exactly as shown. The Sandbox is a web topic designed to test wiki features. Refer to Figure 1.

Figure 1. TWiki Sandbox Web.

Step 2: Open the TWiki Tutorial.

Click the TWiki Tutorial link, highlighted in the red oval in Figure 1, to open the wiki tutorial page.

Step 3: Complete the TWiki tutorial.

Refer to the tutorial, step 1, “Get set... “, and step 2, “Take a quick tour...”. After completing the first two tutorial sections, answer the following questions: What is a WikiWord? ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________

How many results are returned from a search of WebSearch? __________

Page 6: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 1.2: Using Collaboration Tools—Wikis and Web Logs

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 13 of 247

Refer to the tutorial, step 3, “Open a private account…”. Email is not possible at this time, therefore you will not be able to register. Instead, userids have been created for you to use later in this lab.

The key point to understand about this step is that registration is a two-part process. First, users fill in registration information and submit the form to TWiki.

List the mandatory information required for registration:

______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________

TWiki responds to a registration request by sending an email to the user that contains a unique activation code. The second part of the registration process is when the user (1) enters the code in the activation window, or (2) responds with email by clicking on the TWiki response link. At this time, the user account is added to the TWiki datatbase. Refer to the tutorial, step 4, “Check out TWiki users, groups.”. A list of TWiki users and groups is displayed. After completing this tutorial section, answer the following questions related to user and group issues:

How is a user’s password reset?

______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________

How can inappropriate changes be fixed in a wiki topic?

______________________________________________________________________________ ______________________________________________________________________________ Tutorial step 5, “Test the page controls...”, will familiarize you with page editing commands. After completing this tutorial section, answer the following questions:

Page 7: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 1.2: Using Collaboration Tools—Wikis and Web Logs

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 14 of 247

What is the latest revision number?

______________________________________________________________________________

Place the correct action link next to the description for page controls: Attach Backlinks Edit History More Printable r3 > r2 > r1 Raw View

Description Action Link

add to or edit the topic

show the source text without editing the topic

attach files to a topic

find out what other topics link to this topic (reverse link)

additional controls, such as rename / move, version control and setting the topic's parent.

topics are under revision control- shows the complete change history of the topic. For example, who changed what and when.

view a previous version of the topic or the difference between two versions

goes to a stripped down version of the page, good for printing

Tutorial step 6, “Change a page, and create a new one...“, is an opportunity for you to add content to the wiki. Complete this tutorial, using the table below to login to the wiki server.

TOn Eagle Server a group with private accounts has been created to allow participation in a private TWiki topic. These accounts are StudentCcna1 through StudentCcna22. All accounts have the same password, cisco. You should use the account that reflects your pod and host computer number. Refer to the following table:

TLab pod#host# TAccount Login

ID

(case sensitive)

TPod1host1 TStudentCcna1

TPod1host2 TStudentCcna2

TPod2host1 TStudentCcna3

TPod2host2 TStudentCcna4

TPod3host1 TStudentCcna5

TPod3host2 TStudentCcna6

TPod4host1 TStudentCcna7

TPod4host2 TStudentCcna8

Page 8: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 1.2: Using Collaboration Tools—Wikis and Web Logs

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 15 of 247

TPod5host1 TStudentCcna9

TPod5host2 TStudentCcna10

TPod6host1 TStudentCcna11

TPod6host2 TStudentCcna12

TPod7host1 TStudentCcna13

TPod7host2 TStudentCcna14

TPod8host1 TStudentCcna15

TPod8host2 TStudentCcna16

TPod9host1 TStudentCcna17

TPod9host2 TStudentCcna18

TPod10host1 TStudentCcna19

TPod10host2 TStudentCcna20

TPod11host1 TStudentCcna21

TPod11host2 TStudentCcna22

From the lab Wiki Welcome Screen, click the Log In link located in the upper left corner of the page. See Figure 2.

Figure 2. Log In Link.

A login box similar to that shown in Figure 3 should appear. Enter the applicable Twiki username, and password cisco. Both the username and password are case sensitive.

Figure 3. Login Box.

Page 9: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 1.2: Using Collaboration Tools—Wikis and Web Logs

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 16 of 247

This should bring up your wiki topic page, similar to the one shown in Figure 4.

Figure 4. wiki Topic Page.

Tutorial step 7, “Use your browser to upload files as page attachments...”, describes the process for uploading files into the wiki. To complete this tutorial, create a document using notepad and upload it to the wiki server.

What is the default maximum file size that can be transferred?

______________________________________________________________________________ Tutorial step 8, “Get e-mail alerts whenever pages are changed...”, details how to receive email alerts whenever a particular page has been updated. Sometimes it is not convenient to return regularly to a wiki simply to check for updates to postings. Because Email is not configured on the host computer, alerts will not be sent. Describe how you could receive e-mail notifications whenever a topic changes? ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________

Task 3: Reflection

This lab presented the mechanics of a wiki. Usefulness and collaboration will not be realized until you actually join a wiki. Wikis of possible interest include:

• CCNA—HTUhttp://en.wikibooks.org/wiki/CCNA_Certification UTH

Page 10: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 1.2: Using Collaboration Tools—Wikis and Web Logs

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 17 of 247

• Cisco systems history—HTUhttp://en.wikipedia.org/wiki/Cisco_Systems UTH

• Wiki web about Cisco equipment and technology— HTUhttp://www.nyetwork.org/wiki/CiscoUT

• Network+ —HTUhttp://en.wikibooks.org/wiki/Network_Plus_Certification/Study_GuideUT

• Network Dictionary—HTUhttp://wiki.networkdictionary.com/index.php/Main_PageUT

• Wireshark network protocol analyzer— HTUhttp://wiki.wireshark.org/UTH

Task 4: Challenge

Depending on the type of Eagle Server installation, the class may be able use the TWiki wiki server to post interesting topics related to computer network theory and class progress. Create a personal blog of your network education experience. Internet access will be required.

Task 5: Clean Up

Close all web browsers and shut down the computer unless instructed otherwise.

Page 11: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 1.3: Using NeoTrace™ to View Internetworks

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 18 of 247

2BLab 1.3: Using NeoTrace™ to View Internetworks

33BLearning Objectives

• Explain the use of route tracing programs, such as tracert and NeoTrace.

• Use tracert and NeoTrace to trace a route from its PC to a distant server.

• Describe the interconnected and global nature of the Internet with respect to data flow.

34BBackground

Route tracing computer software is a utility that lists the networks data has to traverse from the user's originating end device to a distant destination network.

This network tool is typically executed at the command line as:

traceroute <destination network name or end device address>

(Unix and similar systems)

or

tracert <destination network name or end device address>

(MS Windows systems)

and determines the route taken by packets across an IP network.

The traceroute (or tracert) tool is often used for network troubleshooting. By showing a list of routers traversed, it allows the user to identify the path taken to reach a particular destination on the network or across internetworks. Each router represents a point where one network connects to another network and the packet was forwarded through. The number of routers is known as the number of "hops" the data traveled from source to destination.

The displayed list can help identify data flow problems when trying to access a service such as a website. It can also be useful when performing tasks such as downloading data. If there are multiple websites (mirrors) available for the same file of data, one can trace each mirror to get a good idea of which mirror would be the fastest to use.

However, it should be noted that because of the "meshed" nature of the interconnected networks that make up the Internet and the Internet Protocol's ability to select different pathways over which to send packets, two trace routes between the same source and destination conducted some time apart may produce different results.

Tools such as these are usually embedded with the operating system of the end device.

Others such as NeoTrace™ are proprietary programs that provide extra information. NeoTrace uses available online information to display graphically the route traced on a global map, for example.

35BScenario

Using an Internet connection, you will use two routing tracing programs to examine the Internet pathway to destination networks.

Page 12: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 1.3: Using NeoTrace™ to View Internetworks

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 19 of 247

This activity should be preformed on a computer that has Internet access and access to a command line. First, you will use the Windows embedded tracert utility and then the more enhanced NeoTrace program. This lab assumes the installation of NeoTrace. If the computer you are using does not have NeoTrace installed, you can download the program using the following link:

HTUhttp://www.softpedia.com/get/Network-Tools/Traceroute-Whois-Tools/McAfee-NeoTrace-Professional.shtmlUTH

If you have any trouble downloading or installing NeoTrace, ask your instructor for assistance.

Task 1: Trace Route to Remote Server.

Step 1: Trace the route to a distant network.

To trace the route to a distant network, the PC being used must have a working connection to the class/lab network.

1. At the command line prompt, type: tracert www.cisco.com

The first output line should show the Fully Qualified Domain Name (FQDN) followed by the IP address. The Lab Domain Name Service (DNS) server was able to resolve the name to an IP address. Without this name resolution, the tracert would have failed, because this tool operates at the TCP/IP layers that only understand valid IP addresses.

If DNS is not available, the IP address of the destination device has to be entered after the tracert command instead of the server name.

2. Examine the output displayed.

How many hops between the source and destination? ________

Figure 1. tracert Command

Figure 1 shows the successful result when running:

tracert HTUwww.cisco.com UTH from a location in Bavaria, Germany.

Page 13: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 1.3: Using NeoTrace™ to View Internetworks

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 20 of 247

The first output line shows the FQDN, followed by the IP address. Therefore, a DNS server was able to resolve the name to an IP address. Then there are listings of all routers through which the tracert requests had to pass to get to the destination.

3. Try the same trace route on a PC connected to the Internet, and examine your output.

Number of hops to www.cisco.com: ___________

Step 2: Try another trace route on the same PC, and examine your output.

Destination URL: __________________________________________

Destination IP Address: _____________________________________

Task 2: Trace Route using NeoTrace.

1. Launch the NeoTrace program.

2. On the View menu, choose Options. Click the Map tab and in the Home Location section click the Set Home Location button.

3. Follow the instructions to select your country and location in your country. Alternatively, you can click the Advanced button, which enables you to enter the precise latitude and longitude of your location. See the Challenge section of Activity 1.2.5(1).

4. Enter “www.cisco.com” in the Target field and click Go.

5. From the View menu, List View displays the list of routers similar to tracert.

Node View from the View menu displays the connections graphically with symbols.

Page 14: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 1.3: Using NeoTrace™ to View Internetworks

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 21 of 247

Map View on the View menu displays the links and routers in their geographic location on a global map.

6. Select each view in turn and note the differences and similarities.

7. Try a number of different URLs and view the routes to those destinations.

Page 15: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 1.3: Using NeoTrace™ to View Internetworks

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 22 of 247

Task 3: Reflection

Review the purpose and usefulness of trace route programs.

Relate the displays of the output of NeoTrace to the concept of interconnected networks and the global nature of the Internet.

Task 4: Challenge

Consider and discuss possible network security issues that could arise from the use of programs like traceroute and NeoTrace. Consider what technical details are revealed and how perhaps this information could be misused.

Task 5: Clean Up

Exit the NeoTrace program.

Unless instructed otherwise by your instructor, properly shut down the computer.

Page 16: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 2: IPv4 Addressing

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 23 of 247

3B

LAB 2

IPv4 Addressing

Page 17: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 2.1: IPv4 Address Subnetting Part 1

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 24 of 247

Lab 2.1: IPv4 Address Subnetting Part 1

87BLearning Objectives

Upon completion of this activity, you will be able to determine network information for a given IP address and network mask.

88BBackground

This activity is designed to teach how to compute network IP address information from a given IP address.

89BScenario

When given an IP address and network mask, you will be able to determine other information about the IP address such as:

• Network address

• Network broadcast address

• Total number of host bits

• Number of hosts

Task 1: For a given IP address, Determine Network Information.

Given:

Host IP Address 172.25.114.250

Network Mask 255.255.0.0 (/16)

Find:

Network Address

Network Broadcast Address

Total Number of Host Bits

Number of Hosts

Step 1: Translate Host IP address and network mask into binary notation.

Convert the host IP address and network mask to binary:

172 25 114 250 IP Address 10101100 00011001 01110010 11111010 Network Mask 11111111 11111111 00000000 00000000 255 255 0 0

Step 2: Determine the network address.

1. Draw a line under the mask.

2. Perform a bit-wise AND operation on the IP address and the subnet mask.

Note: 1 AND 1 results in a 1; 0 AND anything results in a 0.

3. Express the result in dotted decimal notation.

Page 18: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 2.1: IPv4 Address Subnetting Part 1

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 25 of 247

4. The result is the network address for this host IP address, which is 172.25.0.0.

172 25 114 250 IP Address 10101100 00011001 01110010 11111010

Subnet Mask 11111111 11111111 00000000 00000000 Network Address 10101100 00011001 00000000 00000000 172 25 0 0

Step 3: Determine the broadcast address for the network address

The network mask separates the network portion of the address from the host portion. The network address has all 0s in the host portion of the address and the broadcast address has all 1s in the host portion of the address.

172 25 0 0

Network Add. 10101100 00011001 00000000 00000000

Mask 11111111 11111111 00000000 00000000

Broadcast. 10101100 00011001 11111111 11111111

172 25 255 255

By counting the number of host bits, we can determine the total number of usable hosts for this network.

Host bits: 16

Total number of hosts:

2 P

16P = 65,536

65,536 – 2 = 65,534 (addresses that cannot use the all 0s address, network address, or the all 1s address, broadcast address.)

Add this information to the table:

Host IP Address 172.25.114.250

Network Mask 255.255.0.0 (/16)

Network Address

Network Broadcast Address

Total Number of Host Bits Number of Hosts

Task 2: Challenge

For all problems:

Create a Subnetting Worksheet to show and record all work for each problem.

Problem 1

Host IP Address 172.30.1.33

Network Mask 255.255.0.0

Network Address

Network Broadcast Address

Total Number of Host Bits

Number of Hosts

Page 19: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 2.1: IPv4 Address Subnetting Part 1

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 26 of 247

Problem 2

Host IP Address 172.30.1.33

Network Mask 255.255.255.0

Network Address

Network Broadcast Address

Total Number of Host Bits

Number of Hosts

Problem 3

Host IP Address 192.168.10.234

Network Mask 255.255.255.0

Network Address

Network Broadcast Address

Total Number of Host Bits

Number of Hosts

Problem 4

Host IP Address 172.17.99.71

Network Mask 255.255.0.0

Network Address

Network Broadcast Address

Total Number of Host Bits

Number of Hosts

Problem 5

Host IP Address 192.168.3.219

Network Mask 255.255.0.0

Network Address

Network Broadcast Address

Total Number of Host Bits

Number of Hosts

Problem 6

Host IP Address 192.168.3.219

Network Mask 255.255.255.224

Network Address

Network Broadcast Address

Total Number of Host Bits

Number of Hosts

Task 3: Clean Up

Remove anything that was brought into the lab, and leave the room ready for the next class.

Page 20: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 2.2: IPv4 Address Subnetting Part 2

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 27 of 247

12BLab 2.2: IPv4 Address Subnetting Part 2

90BLearning Objectives

Upon completion of this activity, you will be able to determine subnet information for a given IP address and subnetwork mask.

91BBackground

Borrowing Bits

How many bits must be borrowed to create a certain number of subnets or a certain number of hosts per subnet?

Using this chart, it is easy to determine the number of bits that must be borrowed.

Things to remember:

• Subtract 2 for the usable number of hosts per subnet, one for the subnet address and one for the broadcast address of the subnet.

2 P

10P 2 P

9P 2P

8P 2 P

7P 2 P

6P 2P

5P 2 P

4P 2P

3P 2 P

2P 2P

1P 2P

0

1,024 512 256 128 64 32 16 8 4 2 1 Number of bits borrowed: 10 9 8 7 6 5 4 3 2 1 1

1,024 512 256 128 64 32 16 8 4 2 1 Hosts or Subnets

Possible Subnet Mask Values

Because subnet masks must be contiguous 1’s followed by contiguous 0’s, the converted dotted decimal notation can contain one of a certain number of values:

Dec. Binary 255 11111111 254 11111110 252 11111100 248 11111000 240 11110000 224 11100000 192 11000000 128 10000000 0 00000000

92BScenario

When given an IP address, network mask, and subnetwork mask, you will be able to determine other information about the IP address such as:

• The subnet address of this subnet

• The broadcast address of this subnet

Page 21: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 2.2: IPv4 Address Subnetting Part 2

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 28 of 247

• The range of host addresses for this subnet

• The maximum number of subnets for this subnet mask

• The number of hosts for each subnet

• The number of subnet bits

• The number of this subnet

Task 1: For a Given IP Address and Subnet Mask, Determine Subnet Information.

Given:

Host IP Address 172.25.114.250

Network Mask 255.255.0.0 (/16)

Subnet Mask 255.255.255.192 (/26) Find:

Number of Subnet Bits

Number of Subnets

Number of Host Bits per Subnet

Number of Usable Hosts per Subnet

Subnet Address for this IP Address

IP Address of First Host on this Subnet

IP Address of Last Host on this Subnet

Broadcast Address for this Subnet

Step 1: Translate host IP address and subnet mask into binary notation.

172 25 114 250

IP Address 10101100 00011001 01110010 11111010 11111111 11111111 11111111 11000000

Subnet Mask 255 255 255 192

Step 2: Determine the network (or subnet) where this host address belongs.

1. Draw a line under the mask.

2. Perform a bit-wise AND operation on the IP Address and the Subnet Mask.

Note: 1 AND 1 results in a 1’ 0 AND anything results in a 0.

3. Express the result in dotted decimal notation.

4. The result is the Subnet Address of this Subnet, which is 172.25.114.192

172 25 114 250 IP Address 10101100 00011001 01110010 11111010

Subnet Mask 11111111 11111111 11111111 11000000

Subnet Address 10101100 00011001 01110010 11000000 172 25 114 192

Add this information to the table:

Subnet Address for this IP Address 172.25.114.192

Page 22: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 2.2: IPv4 Address Subnetting Part 2

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 29 of 247

Step 3: Determine which bits in the address contain network information and which

contain host information.

1. Draw the Major Divide (M.D.) as a wavy line where the 1s in the major network mask end (also the mask if there was no subnetting). In our example, the major network mask is 255.255.0.0, or the first 16 left-most bits.

2. Draw the Subnet Divide (S.D.) as a straight line where the 1s in the given subnet mask end. The network information ends where the 1s in the mask end.

3. The result is the Number of Subnet Bits, which can be determined by simply counting the number of bits between the M.D. and S.D., which in this case is 10 bits.

Step 4: Determine the bit ranges for subnets and hosts.

1. Label the subnet counting range between the M.D. and the S.D. This range contains the bits that are being incremented to create the subnet numbers or addresses.

2. Label the host counting range between the S.D. and the last bits at the end on the right. This range contains the bits that are being incremented to create the host numbers or addresses.

Step 5: Determine the range of host addresses available on this subnet and the broadcast

address on this subnet.

1. Copy down all of the network/subnet bits of the network address (that is, all bits before the S.D.).

2. In the host portion (to the right of the S.D.), make the host bits all 0s except for the right-most bit (or least significant bit), which you make a 1. This gives us the first host IP address on this subnet, which is the first part of the result for Range of Host Addresses

for This Subnet, which in the example is 172.25.114.193.

3. Next, in the host portion (to the right of the S.D.), make the host bits all 1s except for the right-most bit (or least significant bit), which you make a 0. This gives us the last host IP address on this subnet, which is the last part of the result for Range of Host Addresses for

This Subnet, which in the example is 172.25.114.254.

4. In the host portion (to the right of the S.D.), make the host bits all 1s. This gives us the broadcast IP address on this subnet. This is the result for Broadcast Address of This

Subnet, which in the example is 172.25.114.255.

Page 23: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 2.2: IPv4 Address Subnetting Part 2

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 30 of 247

Let’s add some of this information to our table:

Host IP Address 172.25.114.250

Major Network Mask 255.255.0.0 (/16)

Major (Base) Network Address 172.25.0.0

Major Network Broadcast Address 172.25.255.255

Total Number of Host Bits Number of Hosts

16 bits or 2P

16P or 65,536 total hosts

65,536 – 2 = 65,534 usable hosts

Subnet Mask 255.255.255.192 (/26)

Number of Subnet Bits Number of Subnets

Number of Host Bits per Subnet Number of Usable Hosts per Subnet

Subnet Address for this IP Address

IP Address of First Host on this Subnet

IP Address of Last Host on this Subnet

Broadcast Address for this Subnet

Step 6: Determine the number of subnets.

The number of subnets is determined by how many bits are in the subnet counting range (in this example, 10 bits).

Use the formula 2 P

nP, where n is the number of bits in the subnet counting range.

1. 2 P

10P = 1024

Number of Subnet Bits Number of Subnets (all 0s used, all 1s not used)

10 bits 2P

10P = 1024 subnets

Page 24: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 2.2: IPv4 Address Subnetting Part 2

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 31 of 247

Step 7: Determine the number usable hosts per subnet.

The number of hosts per subnet is determined by the number of host bits (in this example, 6 bits) minus 2 (1 for the subnet address and 1 for the broadcast address of the subnet).

2 P

6P – 2 = 64 – 2 = 62 hosts per subnet

Number of Host Bits per Subnet Number of Usable Hosts per Subnet

6 bits 2P

6P – 2 = 64 – 2 = 62 hosts per subnet

Step 8: Final Answers

Host IP Address 172.25.114.250

Subnet Mask 255.255.255.192 (/26)

Number of Subnet Bits Number of Subnets

10 bits 2P

10P = 1024 subnets

Number of Host Bits per Subnet Number of Usable Hosts per Subnet

6 bits 2P

6P – 2 = 64 – 2 = 62 hosts per subnet

Subnet Address for this IP Address 172.25.114.192

IP Address of First Host on this Subnet

172.25.114.193

IP Address of Last Host on this Subnet

172.25.114.254

Broadcast Address for this Subnet 172.25.114.255

Task 2: Challenge

For all problems:

Create a Subnetting Worksheet to show and record all work for each problem.

Problem 1

Host IP Address 172.30.1.33

Subnet Mask 255.255.255.0

Number of Subnet Bits

Number of Subnets

Number of Host Bits per Subnet

Number of Usable Hosts per Subnet

Subnet Address for this IP Address

IP Address of First Host on this Subnet

IP Address of Last Host on this Subnet

Broadcast Address for this Subnet

Problem 2

Host IP Address 172.30.1.33

Subnet Mask 255.255.255.252

Page 25: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 2.2: IPv4 Address Subnetting Part 2

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 32 of 247

Number of Subnet Bits

Number of Subnets

Number of Host Bits per Subnet

Number of Usable Hosts per Subnet

Subnet Address for this IP Address

IP Address of First Host on this Subnet

IP Address of Last Host on this Subnet

Broadcast Address for this Subnet

Problem 3

Host IP Address 192.192.10.234

Subnet Mask 255.255.255.0

Number of Subnet Bits

Number of Subnets

Number of Host Bits per Subnet

Number of Usable Hosts per Subnet

Subnet Address for this IP Address

IP Address of First Host on this Subnet

IP Address of Last Host on this Subnet

Broadcast Address for this Subnet

Problem 4

Host IP Address 172.17.99.71

Subnet Mask 255.255.0.0

Number of Subnet Bits

Number of Subnets

Number of Host Bits per Subnet

Number of Usable Hosts per Subnet

Subnet Address for this IP Address

IP Address of First Host on this Subnet

IP Address of Last Host on this Subnet

Broadcast Address for this Subnet

Problem 5

Host IP Address 192.168.3.219

Subnet Mask 255.255.255.0

Number of Subnet Bits

Number of Subnets

Number of Host Bits per Subnet

Number of Usable Hosts per Subnet

Page 26: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 2.2: IPv4 Address Subnetting Part 2

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 33 of 247

Subnet Address for this IP Address

IP Address of First Host on this Subnet

IP Address of Last Host on this Subnet

Broadcast Address for this Subnet

Problem 6

Host IP Address 192.168.3.219

Subnet Mask 255.255.255.252

Number of Subnet Bits

Number of Subnets

Number of Host Bits per Subnet

Number of Usable Hosts per Subnet

Subnet Address for this IP Address

IP Address of First Host on this Subnet

IP Address of Last Host on this Subnet

Broadcast Address for this Subnet

Task 3: Clean Up

Remove anything that was brought into the lab, and leave the room ready for the next class.

Page 27: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 3: Building a Small Network & Introducing using Wireshark™

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 37 of 247

LAB 3

Building a Small Network & Introducing

Protocol Data Units using Wireshark™

Page 28: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 3.1: Topology Orientation and Building a Small Network

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 38 of 247

Lab 3.1: Topology Orientation and Building a Small Network

36BTopology Diagram

37BPeer to Peer Network

Switched Network

38BLearning Objectives

Upon completion of this lab, you will be able to:

• Correctly identify cables for use in the network.

• Physically cable a peer-to-peer and switched network.

• Verify basic connectivity on each network.

39BBackground

Many network problems can be fixed at the Physical layer of a network. For this reason, it is important to have a clear understanding of which cables to use for your network connections.

At the Physical layer (Layer 1) of the OSI model, end devices must be connected by media (cables). The type of media required depends on the type of device being connected. In the basic portion of this lab, straight–through or patch—cables will be used to connect workstations and switches.

In addition, two or more devices communicate through an address. The Network layer (Layer 3) requires a unique address (also know as a logical address or IP Addresses), which allows the data to reach the appropriate destination device.

Addressing for this lab will be applied to the workstations and will be used to enable communication between the devices.

Page 29: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 3.1: Topology Orientation and Building a Small Network

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 39 of 247

40BScenario

This lab starts with the simplest form of networking (peer-to-peer) and ends with the lab connecting through a switch.

Task 1: Create a Peer-to-Peer Network.

Step 1: Select a lab partner.

Step 2: Obtain equipment and resources for the lab.

Equipment needed:

2 workstations

2 straight through (patch) cables

1 crossover cable

1 switch (or hub)

Task 2: Identify the Cables used in a Network.

Before the devices can be cabled, you will need to identify the types of media you will be using. The cables used in this lab are crossover and straight-through.

Use a crossover cable to connect two workstations to each other through their NIC’s Ethernet port. This is an Ethernet cable. When you look at the plug you will notice that the orange and green wires are in opposite positions on each end of the cable.

Use a straight-through cable to connect the router’s Ethernet port to a switch port or a workstation to a switch port. This is also an Ethernet cable. When you look at the plug you will notice that both ends of the cable are exactly the same in each pin position.

Task 3: Cable the Peer-to-peer Network.

Step 1: Connect two workstations.

Using the correct Ethernet cable, connect two workstations together. Connect one end of the cable to the NIC port on PC1 and the other end of the cable to PC2.

Which cable did you use? _______________________________

Step 2: Apply a Layer 3 address to the workstations.

To complete this task, you will need to follow the step-by-step instructions below.

Note: These steps must be completed on each workstation. The instructions are for Windows XP—steps may differ slightly if you are using a different operating system.

Page 30: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 3.1: Topology Orientation and Building a Small Network

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 40 of 247

1. On your computer, click Start, right-click My Network Places, and then click Properties. The Network Connections window should appear, with icons showing the different network connections.

2. Right-click the Local Area Connection and click Properties.

3. Select the Internet Protocol (TCP/IP) item and then click the Properties button.

4. On the General tab of the Internet Protocol (TCP/IP) Properties window, select the Use

the following IP address option.

5. In the IP address box, enter the IP address 192.168.1.2 for PC1. (Enter the IP address 192.168.1.3 for PC2.)

6. Press the tab key and the Subnet mask is automatically entered. The subnet address should be 255.255.255.0. If this address is not automatically entered, enter this address manually.

7. Click OK.

Page 31: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 3.1: Topology Orientation and Building a Small Network

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 41 of 247

8. Close the Local Area Connection Properties window.

Step 3: Verify connectivity.

1. On your computer, click Start, and then click Run.

2. Type cmd in the Open box and then click OK.

The DOS command (cmd.exe) window will appear. You can enter DOS commands using this window. For the purposes of this lab, basic network commands will be entered to allow you to test you computer connections.

The ping command is a Hcomputer networkH tool used to test whether a HhostH (workstation, router, server, etc.) is reachable across an HIPH network.

3. Use the ping command to verify that PC1 can reach PC2 and PC2 can reach PC1. From

the PC1 DOS command prompt, type ping 192.168.1.3. From the PC2 DOS command prompt, type ping 192.168.1.2.

What is the output of the ping command?

Page 32: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 3.1: Topology Orientation and Building a Small Network

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 42 of 247

______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________

If the ping command displays an error message or doesn’t receive a reply from the other workstation, troubleshoot as necessary. Possible areas to troubleshoot include:

• Verifying the correct IP addresses on both workstations

• Ensuring that the correct type of cable is used between the workstations

What is the output of the ping command if you unplug the network cable and ping the other workstation?

______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________

Task 4: Connect Your Workstations to the Classroom Lab Switch.

Step 1: Connect workstation to switch.

Using the correct cable, connect one end of the cable to the NIC port on the workstation and the other end to a port on the switch.

Step 2: Repeat this process for each workstation on your network.

Which cable did you use? ______________________________

Page 33: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 3.1: Topology Orientation and Building a Small Network

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 43 of 247

Step 3: Verify connectivity.

Verify network connectivity by using the ping command to reach the other workstations attached to the switch.

What is the output of the ping command?

______________________________________________________________________________ ______________________________________________________________________________

What is the output of the ping command if you ping an address that is not connected to this network?

______________________________________________________________________________ ______________________________________________________________________________

Step 4: Share a document between PCs.

1. On your desktop, create a new folder and name it test.

2. Right-click the folder and click File sharing. Note: A hand will be placed under the icon.

3. Place a file in the folder.

4. On the desktop, double-click My Network Places and then Computers Near Me.

5. Double-click the workstation icon. The test folder should appear. You will be able to access this folder across the network. Once you are able to see it and work with the file, you have access through all 7 layers of the OSI model.

Task 5: Reflection

What could prevent a ping from being sent between the workstations when they are directly connected?

______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ What could prevent the ping from being sent to the workstations when they are connected through the switch?

______________________________________________________________________________ ______________________________________________________________________________

Page 34: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 3.2: Using Wireshark™ to View Protocol Data Units

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 44 of 247

Lab 3.2: Using Wireshark™ to View Protocol Data Units

41BLearning Objectives

• Be able to explain the purpose of a protocol analyzer (Wireshark).

• Be able to perform basic PDU capture using Wireshark.

• Be able to perform basic PDU analysis on straightforward network data traffic.

• Experiment with Wireshark features and options such as PDU capture and display filtering.

42BBackground

Wireshark is a software protocol analyzer, or "packet sniffer" application, used for network troubleshooting, analysis, software and protocol development, and education. Before June 2006, Wireshark was known as Ethereal. A packet sniffer (also known as a network analyzer or protocol analyzer) is computer software that can intercept and log data traffic passing over a data network. As data streams travel back and forth over the network, the sniffer "captures" each protocol data unit (PDU) and can decode and analyze its content according to the appropriate RFC or other specifications. Wireshark is programmed to recognize the structure of different network protocols. This enables it to display the encapsulation and individual fields of a PDU and interpret their meaning. It is a useful tool for anyone working with networks and can be used with most labs in the CCNA courses for data analysis and troubleshooting. For information and to download the program go to - HTUhttp://www.Wireshark.orgUTH

43BScenario

To capture PDUs the computer on which Wireshark is installed must have a working connection to the network and Wireshark must be running before any data can be captured. When Wireshark is launched, the screen below is displayed.

Page 35: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 3.2: Using Wireshark™ to View Protocol Data Units

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 45 of 247

To start data capture it is first necessary to go to the Capture menu and select the Options choice. The Options dialog provides a range of settings and filters which determines which and how much data traffic is captured.

First, it is necessary to ensure that Wireshark is set to monitor the correct interface. From the Interface drop down list, select the network adapter in use. Typically, for a computer this will be the connected Ethernet Adapter. Then other Options can be set. Among those available in Capture Options, the two highlighted below are worth examination.

Page 36: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 3.2: Using Wireshark™ to View Protocol Data Units

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 46 of 247

Setting Wireshark to capture packets in promiscuous mode If this feature is NOT checked, only PDUs destined for this computer will be captured. If this feature is checked, all PDUs destined for this computer AND all those detected by the computer NIC on the same network segment (i.e., those that "pass by" the NIC but are not destined for the computer) are captured. Note: The capturing of these other PDUs depends on the intermediary device connecting the end device computers on this network. As you use different intermediary devices (hubs, switches, routers) throughout these courses, you will experience the different Wireshark results. Setting Wireshark for network name resolution This option allows you to control whether or not Wireshark translates network addresses found in PDUs into names. Although this is a useful feature, the name resolution process may add extra PDUs to your captured data perhaps distorting the analysis. There are also a number of other capture filtering and process settings available. Clicking on the Start button starts the data capture process and a message box displays the progress of this process.

As data PDUs are captured, the types and number are indicated in the message box

Page 37: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 3.2: Using Wireshark™ to View Protocol Data Units

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 47 of 247

The examples above show the capture of a ping process and then accessing a web page. When the Stop button is clicked, the capture process is terminated and the main screen is displayed. This main display window of Wireshark has three panes.

The PDU (or Packet) List Pane at the top of the diagram displays a summary of each packet captured. By clicking on packets in this pane, you control what is displayed in the other two panes. The PDU (or Packet) Details Pane in the middle of the diagram displays the packet selected in the Packet List Pane in more detail. The PDU (or Packet) Bytes Pane at the bottom of the diagram displays the actual data (in hexadecimal form representing the actual binary) from the packet selected in the Packet List Pane, and highlights the field selected in the Packet Details Pane. Each line in the Packet List corresponds to one PDU or packet of the captured data. If you select a line in this pane, more details will be displayed in the "Packet Details" and "Packet Bytes" panes. The example above shows the PDUs captured when the ping utility was used and http://www.Wireshark.org was accessed. Packet number 1 is selected in this pane.

The Packet Details pane shows the current packet (selected in the "Packet List" pane) in a more detailed form. This pane shows the protocols and protocol fields of the selected packet. The protocols and fields of the packet are displayed using a tree, which can be expanded and collapsed. The Packet Bytes pane shows the data of the current packet (selected in the "Packet List" pane) in what is known as "hexdump" style. In this lab, this pane will not be examined in detail.

Packet List Pane

Packet Details Pane

Packets Bytes Pane

Page 38: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 3.2: Using Wireshark™ to View Protocol Data Units

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 48 of 247

However, when a more in-depth analysis is required this displayed information is useful for examining the binary values and content of PDUs. The information captured for the data PDUs can be saved in a file. This file can then be opened in Wireshark for analysis some time in the future without the need to re-capture the same data traffic again. The information displayed when a capture file is opened is the same as the original capture. When closing a data capture screen or exiting Wireshark you are prompted to save the captured PDUs.

Clicking on Continue without Saving closes the file or exits Wireshark without saving the displayed captured data. Task 1: Ping PDU Capture

Step 1: After ensuring that the standard lab topology and configuration is correct, launch

Wireshark on a computer in a lab pod.

Set the Capture Options as described above in the overview and start the capture process.

From the command line of the computer, ping the IP address of another network connected and powered on end device on in the lab topology. In this case, ping the Eagle Server at using the command ping 192.168.254.254.

After receiving the successful replies to the ping in the command line window, stop the packet capture.

Step 2: Examine the Packet List pane.

The Packet List pane on Wireshark should now look something like this:

Look at the packets listed above; we are interested in packet numbers 6, 7, 8, 9, 11, 12, 14 and 15.

Page 39: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 3.2: Using Wireshark™ to View Protocol Data Units

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 49 of 247

Locate the equivalent packets on the packet list on your computer. If you performed Step 1A above match the messages displayed in the command line window when the ping was issued with the six packets captured by Wireshark. From the Wireshark Packet List answer the following: What protocol is used by ping? ______________________________ What is the full protocol name? ______________________________ What are the names of the two ping messages? ______________________________ _____________________________________________________________________ Are the listed source and destination IP addresses what you expected? Yes / No Why? ___________________________________

Step 3: Select (highlight) the first echo request packet on the list with the mouse.

The Packet Detail pane will now display something similar to:

Click on each of the four "+" to expand the information. The packet Detail Pane will now be similar to:

As you can see, the details for each section and protocol can be expanded further. Spend some time scrolling through this information. At this stage of the course, you may not fully understand the information displayed but make a note of the information you do recognize.

Page 40: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 3.2: Using Wireshark™ to View Protocol Data Units

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 50 of 247

Locate the two different types of 'Source" and "Destination". Why are there two types? ______________________________________________________________________________ ______________________________________________________________________________ What protocols are in the Ethernet frame? ______________________________________________________________________________ ______________________________________________________________________________ As you select a line in the Packets Detail pane all or part of the information in the Packet Bytes

pane also becomes highlighted.

For example, if the second line (+ Ethernet II) is highlighted in the Details pane the Bytes pane

now highlights the corresponding values.

This shows the particular binary values that represent that information in the PDU. At this stage

of the course, it is not necessary to understand this information in detail.

Step 4: Go to the File menu and select Close.

Click on Continue without Saving when this message box appears.

Task 2: FTP PDU Capture

Page 41: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 3.2: Using Wireshark™ to View Protocol Data Units

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 51 of 247

Step 1: Start packet capture.

Assuming Wireshark is still running from the previous steps, start packet capture by clicking on the Start option on the Capture menu of Wireshark. At the command line on your computer running Wireshark, enter ftp 192.168.254.254 When the connection is established, enter anonymous as the user without a password. Userid: anonymous Password: <ENTER> You may alternatively use login with userid cisco and with password cisco. When successfully logged in enter get /pub/eagle_labs/eagle1/chapter1/gaim-1.5.0.exe and press the enter key <ENTER>. This will start downloading the file from the ftp server. The output will look similar to: C:\Documents and Settings\ccna1>ftp eagle-server.example.com Connected to eagle-server.example.com. 220 Welcome to the eagle-server FTP service. User (eagle-server.example.com:(none)): anonymous 331 Please specify the password. Password:<ENTER> 230 Login successful. ftp> get /pub/eagle_labs/eagle1/chapter1/gaim-1.5.0.exe 200 PORT command successful. Consider using PASV. 150 Opening BINARY mode data connection for pub/eagle_labs/eagle1/chapter1/gaim-1.5.0.exe (6967072 bytes). 226 File send OK. ftp: 6967072 bytes received in 0.59Seconds 11729.08Kbytes/sec. When the file download is complete enter quit ftp> quit 221 Goodbye. C:\Documents and Settings\ccna1>

When the file has successfully downloaded, stop the PDU capture in Wireshark.

Step 2: Increase the size of the Wireshark Packet List pane and scroll through the PDUs

listed.

Locate and note those PDUs associated with the file download. These will be the PDUs from the Layer 4 protocol TCP and the Layer 7 protocol FTP.

Identify the three groups of PDUs associated with the file transfer.

Page 42: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 3.2: Using Wireshark™ to View Protocol Data Units

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 52 of 247

If you performed the step above, match the packets with the messages and prompts in the FTP

command line window.

The first group is associated with the "connection" phase and logging into the server. List examples of messages exchanged in this phase. ______________________________________________________________________________ ______________________________________________________________________________ Locate and list examples of messages exchanged in the second phase that is the actual download request and the data transfer. ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ The third group of PDUs relate to logging out and "breaking the connection". List examples of messages exchanged during this process. ______________________________________________________________________________ ______________________________________________________________________________ Locate recurring TCP exchanges throughout the FTP process. What feature of TCP does this indicate? ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________

Step 3: Examine Packet Details.

Select (highlight) a packet on the list associated with the first phase of the FTP process. View the packet details in the Details pane. What are the protocols encapsulated in the frame? ______________________________________________________________________________

Page 43: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 3.2: Using Wireshark™ to View Protocol Data Units

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 53 of 247

Highlight the packets containing the user name and password. Examine the highlighted portion in the Packet Byte pane. What does this say about the security of this FTP login process? ______________________________________________________________________________ Highlight a packet associated with the second phase. From any pane, locate the packet containing the file name. The filename is: ______________________________ Highlight a packet containing the actual file content - note the plain text visible in the Byte pane. Highlight and examine, in the Details and Byte panes, some packets exchanged in the third phase of the file download. What features distinguish the content of these packets?

______________________________________________________________________________ When finished, close the Wireshark file and continue without saving

Task 3: HTTP PDU Capture

Step 1: Start packet capture.

Assuming Wireshark is still running from the previous steps, start packet capture by clicking on the Start option on the Capture menu of Wireshark.

Note: Capture Options do not have to be set if continuing from previous steps of this lab.

Launch a web browser on the computer that is running Wireshark. Enter the URL of the Eagle Server of example.com or enter the IP address-192.168.254.254. When the webpage has fully downloaded, stop the Wireshark packet capture.

Step 2: Increase the size of the Wireshark Packet List pane and scroll through the PDUs

listed.

Locate and identify the TCP and HTTP packets associated with the webpage download. Note the similarity between this message exchange and the FTP exchange.

Step 3: In the Packet List pane, highlight an HTTP packet that has the notation

"(text/html)" in the Info column.

In the Packet Detail pane click on the "+" next to "Line-based text data: html" When this information expands what is displayed?

Page 44: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 3.2: Using Wireshark™ to View Protocol Data Units

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 54 of 247

______________________________________________________________________________ ______________________________________________________________________________ Examine the highlighted portion of the Byte Panel.

This shows the HTML data carried by the packet.

When finished close the Wireshark file and continue without saving Task 4: Reflection Consider the encapsulation information pertaining to captured network data Wireshark can provide. Relate this to the OSI and TCP/IP layer models. It is important that you can recognize and link both the protocols represented and the protocol layer and encapsulation types of the models with the information provided by Wireshark. Task 5: Challenge Discuss how you could use a protocol analyzer such as Wireshark to: (1) Troubleshoot the failure of a webpage to download successfully to a browser on a computer. and (2) Identify data traffic on a network that is requested by users. ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ Task 6: Cleanup

Unless instructed otherwise by your instructor, exit Wireshark and properly shutdown the

computer

Page 45: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 4: Managing Servers

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 55 of 247

4B

4B

Lab 4

Managing Servers

Page 46: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 4.1: Managing a Web Server

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 56 of 247

Lab 4.1: Managing a Web Server

44BTopology Diagram

46BLearning Objectives

Upon completion of this lab, you will be able to:

• Download, install, and verify a web server application

• Verify the default web server configuration file

• Capture and analyze HTTP traffic with Wireshark

47BBackground

Web servers are an important part of the business plan for any organization with a presence on the Internet. Web browsers are used by consumers to access business web sites. However, web browsers are only half of the communication channel. The other half of the communication channel is web server support. Web server support is a valuable skill for network administrators. Based on a survey by Netcraft in January, 2010, the following table shows the top three web server applications by percent of use:

Web Server Percent of use

Apache 53.84 %

Microsoft 24.08 %

ngnix 7.53 %

48BScenario

In this lab you will download, install, and configure the popular Apache web server. A web browser will be used to connect to the server, and Wireshark will be used to capture the communication. Analysis of the capture will help you understand how the HTTP protocol operates.

Task 1: Download, Install, and Verify the Apache Web Server.

The lab should be configured as shown in the Topology Diagram and logical address table. If it is not, ask the instructor for assistance before proceeding.

Page 47: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 4.1: Managing a Web Server

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 57 of 247

Step 1: Download the software from Eagle Server.

The Apache web server application is available for download from Eagle Server.

1. Use a web browser and URL HTUftp://eagle-server.example.com/pub/eagle_labs/eagle1/chapter3UTH

to access and download the software. See Figure 1.

Figure 1. FTP Download Screen for the Apache Web Server

2. Right-click the file and save the software on the pod host computer.

Step 2: Install the Apache web server on the pod host computer.

1. Open the folder where the software was saved, and double-click the Apache file to begin installation. Choose default values and consent to the licensing agreement. The next installation step requires customized configuration of the web server, shown in Figure 2.

Figure 2. Customized Configuration Screen

Use the following values:

Information Value

Network Domain example.com

Server Name IP address of computer

Page 48: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 4.1: Managing a Web Server

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 58 of 247

Administrator’s E-mail Address

HTUccna*@example.comUT

* For example, for users 1 through 22, if the computer is on Pod 5, Host B, the administrator’s e-mail number is [email protected]

2. Accept the recommended port and service status. Click Next.

3. Accept the default typical installation, and click Next.

What is the default installation folder?

______________________________________________________________________________

4. Accept the default installation folder, click Next, and then Install. When the installation has finished, close the screen.

Figure 3. Windows Security Alert

Note: If a Windows Security Alert is displayed, select unblock. See Figure 3. This will permit connections to the web server.

Step 3: Verify the web server.

The netstat command will display protocol statistics and connection information for this lab computer.

1. Choose Start > Run and open a command line window. Type cmd, and then click OK. Use the netstat –a command to discover open and connected ports on your computer:

C:\>netstat -a

Active Connections Proto Local Address Foreign Address State TCP GW-desktop-hom:http GW-desktop-hom:0 LISTENING TCP GW-desktop-hom:epmap GW-desktop-hom:0 LISTENING TCP GW-desktop-hom:microsoft-ds GW-desktop-hom:0 LISTENING TCP GW-desktop-hom:3389 GW-desktop-hom:0 LISTENING <output omitted> C:\>

Page 49: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 4.1: Managing a Web Server

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 59 of 247

2. Using the command netstat –a, verify that the web server is operating properly on the pod host computer.

The Apache web server monitor icon should be visible on the lower right side of the screen, close to the time.

3. Open a web browser, and connect to the URL of your computer. A web page similar to Figure 4 will be displayed if the web server is working properly.

Figure 4. Web Server Default Page

The 127.0.0.0/ 8 network address is reserved and is used for local IP addresses. The same page should be displayed if the URL is changed to the IP address on the Ethernet interface or to any host IP address in the 127.0.0.0 / 8 network range.

4. Test the web server on several different IP addresses from the 127.0.0.0 /8 network range. Fill in the following table with the results:

Task 2: Verify the Default Web Server Configuration File.

Step 1: Access the httpd.conf file.

A system administrator may find the need to verify or modify the default configuration file.

Open the Apache web server configuration file, C:\Program Files\Apache Software Foundation\Apache2.2\conf\httpd.conf. See Figure 5.

IP Address Status Explanation

127.0.0.1

127.255.255.254

127.255.255.255

127.0.0.0

Page 50: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 4.1: Managing a Web Server

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 60 of 247

Figure 5. Apache Web Server Configuration File

Step 2: Review the httpd.conf file.

Numerous configuration parameters allow the Apache web server to be fully customizable. The “#” character indicates a comment for system administrators, exempt from access by the web server. Scroll down the configuration file, and verify the following settings:

Value Meaning

#Listen 12.34.56.78:80 Listen 80

Listen on TCP port 80 for all incoming connections. To accept connections from only this host, change the line to Listen 127.0.0.1 80.

ServerAdmin [email protected] If there are problems, e-mail the web server at this e-mail address.

ServerName 172.16.1.2:80 For servers without DNS names, use the IP address:port number.

DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs"

This is the root directory for the web server.

<IfModule dir_module> DirectoryIndex index.html </IfModule>

DirectoryIndex sets the file that Apache will serve if a directory is requested. If no page is requested from that directory, display index.html if it is present.

Step 3: Modify the web server default page.

Figure 4 shows the default web page from file index.html. Although this page is sufficient for testing, something more personal should be displayed.

1. Open folder C:\Program Files\Apache Software Foundation\Apache2.2\htdocs. The file index.html should be present. Right-click the file, and choose Open With. From the pull-down list, choose notepad. Change the file content to something similar to the following example:

<html><body><h1>Welcome to the Pod1HostB Web Server!!!</h1> <center><bold>

Page 51: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 4.1: Managing a Web Server

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 61 of 247

Operated by me! </center></bold> Contact web administrator: [email protected] </body></html>

2. Save the file, and refresh the web browser. Or, open URL http://127.0.0.1. The new default page should be displayed. As changes to index.html are made and saved, simply refresh the web browser to view the new content.

Task 3: Capture and Analyze HTTP Traffic with Wireshark.

Wireshark will not capture packets sent from or to the 127.0.0.0 network on a Windows computer. The interface will not display. To complete this task, connect to either a student’s computer or Eagle Server and analyze the data exchange.

Step 1: Analyze HTTP traffic.

1. Start Wireshark, and set the capture interface to the interface bound to the 172.16 network. Open a web browser, and connect to another computer with an active web server.

Why does index.html not have to be entered in the URL for the file contents to be displayed?

______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________

2. Deliberately enter a web page that is not on the web server, as shown in Figure 6. Note that an error message is displayed in the web browser.

Figure 6. 404 Not Found Error

Page 52: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 4.1: Managing a Web Server

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 62 of 247

Figure 7 contains a captured HTTP session. File index.htm was requested from the web server, but the server did not have the file. Instead, the server sent a 404 error. The web browser simply displayed the server response “The page cannot be found”.

Figure 7. Wireshark Capture of HTTP Traffic

3. Highlight the capture line with the 404 error, and move into the second (middle) Wireshark window. Expand the line-based text-data record.

What are the contents?

________________________________________________________________________

Task 4: Challenge

Modify the default web server configuration file httpd.conf and change the Listen 80 line to Listen 8080. Open a web browser and access URL http://127.0.0.1:8080. Verify with the netstat command that the new web server TCP port is 8080.

Task 5: Reflection

Web servers are an important component of e-commerce. Depending on the organization, the network or web administrator has the responsibility of maintaining the corporate web server. This lab demonstrated how to install and configure the Apache web server, test for proper operation, and identify several key configuration parameters.

The student modified the default web page index.html and observed the effect on the web browser output.

Finally, Wireshark was used to capture an HTTP session of a file not found. The web server responded with an HTTP 1.1 error 404 and returned a file not found message to the web browser.

Task 6: Clean Up

During this lab the Apache web server was installed on the pod host computer. It should be uninstalled. To uninstall the web server, click Start > Control Panel > Add or Remove

Programs. Click Apache Web Server, and then click Remove.

Unless directed otherwise by the instructor, turn off power to the host computers. Remove anything that was brought into the lab, and leave the room ready for the next class.

Page 53: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 4.2: E-mail Services and Protocols

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 63 of 247

5BLab 4.2: E-mail Services and Protocols

49BTopology Diagram

51BLearning Objectives

Upon completion of this lab, you will be able to:

• Configure the pod host computer for e-mail service

• Capture and analyze e-mail communication between the pod host computer and a mail server

52BBackground

E-mail is one of the most popular network services that uses a client/server model. The e-mail client is configured on a user’s computer, and configured to connect to an e-mail server. Most Internet service providers (ISPs) provide step-by-step instructions for using e-mail services; consequently, the typical user may be unaware of the complexities of e-mail or the protocols used.

In network environments where the MUA client must connect to an e-mail server on another network to send and receive e-mail, the following two protocols are used:

• Simple Mail Transfer Protocol (SMTP) was originally defined in RFC 821, August, 1982, and has undergone many modifications and enhancements. RFC 2821, April, 2001, consolidates and updates previous e-mail -related RFCs. The SMTP server listens on well-known TCP port 25. SMTP is used to send e-mail messages from the external e-mail client to the e-mail server, deliver e-mail to local accounts, and relay e-mail between SMTP servers.

• Post Office Protocol version 3 (POPv3) — is used when an external e-mail client wishes to receive e-mail messages from the e-mail server. POPv3 servers listen on well-known TCP port 110.

• Internet Message Access Protocol (IMAP)—An Internet protocol that allows a central server to provide remote access to e-mail messages. IMAP servers listen on well-known TCP port 143.

In this lab, you will use IMAP instead of POP for e-mail delivery to the client.

Page 54: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 4.2: E-mail Services and Protocols

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 64 of 247

Earlier versions of both protocols should not be used. Also, there are secure versions of both protocols that employ secure socket layers/Transport layer security (SSL/TSL) for communication.

E-mail is subject to multiple computer security vulnerabilities. Spam attacks flood networks with useless, unsolicited e-mail, consuming bandwidth and network resources. E-mail servers have had numerous vulnerabilities, which left the computer open to compromise.

53BScenario

In this lab, you will configure and use an e-mail client application to connect to eagle-server network services. You will monitor the communication with Wireshark and analyze the captured packets.

An e-mail client such as Outlook Express or Mozilla Thunderbird will be used to connect to the eagle-server network service. Eagle-server has SMTP mail services preconfigured, with user accounts capable of sending and receiving external e-mail messages.

Task 1: Configure the Pod Host Computer for E-mail Service.

The lab should be configured as shown in the Topology Diagram and logical address table. If it is not, ask the instructor for assistance before proceeding.

Step 1: Download and install Mozilla Thunderbird.

If Thunderbird is not installed on the pod host computer, it can be downloaded from eagle-server.example.com. See Figure 1. The download URL is HTUftp://eagle-server.example.com/pub/eagle_labs/eagle1/chapter3UTH/.

Figure 1. FTP Download for Wireshark

1. Double click the Thunderbird filename, and then select Save to save the file to the host pod computer.

Note: Depending on the connection speed of the link between the two routers and the number of students downloading the file, this download may be slow.

2. When the file has downloaded, double-click the filename, accept the software license, and install Thunderbird with the default settings.

3. When installation is complete, start Thunderbird.

Page 55: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 4.2: E-mail Services and Protocols

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 65 of 247

Step 2: Configure Thunderbird to receive and send e-mail messages.

1. If prompted for Import Options, select “Don’t import anything” and select Next

2. When Thunderbird starts, e-mail account settings must be configured. In the New Account Setup, select “Email account” and select Next.

3. As prompted, fill in the Account information as follows:

Field Value

Account Name The account name is based on the pod and host computer. There are a total of 22 accounts configured on Eagle Server, labeled ccna[1..22]. If this pod host is on Pod1, Host A, then the account name is ccna1. If the pod host is on Pod 3, Host B, then the account name is ccna6. And so on.

Your Name Use the same name as above.

E-mail address [email protected]

Type of incoming server you are using

IMAP

Incoming Server (IMAP)

Eagle-server.example.com

Outgoing Server (SMTP)

Eagle-server.example.com

Incoming User Name Use the same name as above.

Account Name [email protected]

Page 56: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 4.2: E-mail Services and Protocols

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 66 of 247

4. When Thunderbird starts, you may be prompted for a password for your email account. At this screen select “Cancel”

The Thunderbird client needs to have SMTP server login disabled. To do this, select Tools >

Account Settings>Outgoing Server (SMTP). Then from the Outgoing server screen, select Edit. See figure 2.

Figure 2. Thunderbird SMTP server settings

At the SMTP Server screen, uncheck the “Use name and password” box and select OK at the two screens. See Figure 3.

Page 57: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 4.2: E-mail Services and Protocols

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 67 of 247

Figure 3. SMTP server edit

5. You may also want to verify account settings from Tools > Account Settings. See Figure 4.

Figure 4. Thunderbird Account Settings

6. In the left pane of the Account Settings screen, click Server Settings. A screen similar to the one shown in Figure 5 will displayed.

Page 58: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 4.2: E-mail Services and Protocols

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 68 of 247

Figure 5. Thunderbird Server Settings Screen

What is the purpose of the SMTP protocol, and what is the well-known TCP port number?

______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________

Task 2: Capture and Analyze E-mail Communication between the Pod Host Computer and

an E-mail Server.

Step 1: Send an e-mail.

1. Ask another student in the class for his or her e-mail name.

2. To create and send an email, select the “Write” icon. Using this name, each of you should compose and send an e-mail message to each other.

3. When the emails have been sent, check your email. In order to check your email, you must be logged in. If you have not previously logged in, enter cisco as the password. Please note that this is the default password which is embedded within the Eagle server.

Step 2: Start Wireshark captures.

When you are certain that the e-mail operation is working properly for both sending and receiving, start a Wireshark capture. Wireshark will display captures based on packet type.

Page 59: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 4.2: E-mail Services and Protocols

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 69 of 247

Step 3: Analyze a Wireshark capture session of SMTP.

1. Using the e-mail client, again send and receive e-mail to a classmate. This time, however, the e-mail transactions will be captured.

2. After sending and receiving one e-mail message, stop the Wireshark capture. A partial Wireshark capture of an outgoing e-mail message using SMTP is shown in Figure 6.

Figure 6. SMTP Capture

3. Highlight the first SMTP capture in the top Wireshark window. In Figure 6, this is line number 7.

4. In the second Wireshark window, expand the Simple Mail Transfer Protocol record.

There are many different types of SMTP servers. Malicious attackers can gain valuable knowledge simply by learning the SMTP server type and version.

What is the SMTP server name and version?

____________________________________________________________________________ E-mail client applications send commands to e-mail servers, and e-mail servers send responses. In every first SMTP exchange, the e-mail client sends the command EHLO. The syntax may vary between clients, however, and the command may also be HELO or HELLO. The e-mail server must respond to the command.

What is the SMTP server response to the EHLO command?

____________________________________________________________________________ The next exchanges between the e-mail client and server contain e-mail information. Using your Wireshark capture, fill in the e-mail server responses to the e-mail client commands:

E-mail Client E-mail Server

Page 60: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 4.2: E-mail Services and Protocols

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 70 of 247

MAIL FROM:<[email protected]>

RCPT TO:<[email protected]>

DATA

(message body is sent)

What are the contents of the last message body from the e-mail client?

______________________________________________________________________________ ______________________________________________________________________________ How does the e-mail server respond?

______________________________________________________________________________ ______________________________________________________________________________

Task 3: Challenge

Access a computer that has Internet access. Look up the SMTP server name and version for known weaknesses or compromises. Are there any newer versions available?

Task 4: Reflection

E-mail is probably the most common network service used. Understanding the flow of traffic with the SMTP protocol will help you understand how the protocol manages the client/server data connection. E-mail can also experience configuration issues. Is the problem with the e-mail client or e-mail server? One simple way to test SMTP server operation is to use the Windows command line Telnet utility to telnet into the SMTP server.

1. To test SMTP operation, open the Windows command line window and begin a Telnet session with the SMTP server.

C:\>telnet eagle-server.example.com 25

220 localhost.localdomain ESMTP Sendmail 8.13.1/8.13.1; Sun, 28 Jan 2007 20:41:0 3 +1000 HELO eagle-server.example.com 250 localhost.localdomain Hello [172.16.1.2], pleased to meet you MAIL From: [email protected] 250 2.1.0 [email protected]... Sender ok RCPT To: [email protected] 250 2.1.5 [email protected]... Recipient ok DATA 354 Please start mail input. e-mail SMTP server test...

. 250 Mail queued for delivery.

Page 61: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 4.2: E-mail Services and Protocols

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 71 of 247

QUIT 221 Closing connection. Good bye. Connection to host lost. C:\>

Task 5: Clean Up

If Thunderbird was installed on the pod host computer for this lab, the instructor may want the application removed. To remove Thunderbird, click Start > Control Panel > Add or Remove

Programs. Scroll to and click Thunderbird, and then click Remove.

Unless directed otherwise by the instructor, turn off power to the host computers. Remove anything that was brought into the lab, and leave the room ready for the next class.

Page 62: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 5: Application & Transport Layer Protocols

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 72 of 247

LAB 5

Application and Transport Layer Protocols

Page 63: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 5.1: Observing TCP and UDP using Netstat

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 73 of 247

Lab 5.1: Observing TCP and UDP using Netstat

Topology Diagram

55BLearning Objectives

• Explain common netstat command parameters and outputs.

• Use netstat to examine protocol information on a pod host computer.

56BBackground

netstat is an abbreviation for the network statistics utility, available on both Windows and Unix / Linux computers. Passing optional parameters with the command will change output information. netstat displays incoming and outgoing network connections (TCP and UDP), host computer routing table information, and interface statistics.

57BScenario

In this lab the student will examine the netstat command on a pod host computer, and adjust netstat output options to analyze and understand TCP/IP Transport Layer protocol status. Task 1: Explain common netstat command parameters and outputs.

Open a terminal window by clicking on Start | Run. Type cmd, and press OK.

To display help information about the netstat command, use the /? options, as shown:

C:\> netstat /? <ENTER>

Use the output of the netstat /? command as reference Uto fill in the appropriate optionU that best matches the description:

Option Description

Display all connections and listening ports.

Display addresses and port numbers in numerical form.

Redisplay statistics every five seconds. Press CTRL+C to stop redisplaying statistics.

Page 64: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 5.1: Observing TCP and UDP using Netstat

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 74 of 247

Shows connections for the protocol specified by proto; proto may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the –s option to display per-protocol statistics, proto may be any of: IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.

Redisplay all connections and listening ports every 30 seconds.

Display only open connections. This is a tricky problem.

When netstat statistics are displayed for TCP connections, the TCP state is displayed. During the life of a TCP connection, the connection passes through a series of states. The following table is a summary of TCP states, compiled from RFC 793, Transmission Control Protocol, September, 1981, as reported by netstat:

State Connection Description

LISTEN The local connection is waiting for a connection request from any remote device.

ESTABLISHED The connection is open, and data may be exchanged through the connection. This is the normal state for the data transfer phase of the connection.

TIME-WAIT The local connection is waiting a default period of time after sending a connection termination request before closing the connection. This is a normal condition, and will normally last between 30 - 120 seconds.

CLOSE-WAIT The connection is closed, but is waiting for a termination request from the local user.

SYN-SENT The local connection is waiting for a response after sending a connection request. The connection should transition quickly through this state.

SYN_RECEIVED The local connection is waiting for a confirming connection request acknowledgment. The connection should transition quickly through this state. Multiple connections in SYN_RECEIVED state may indicate a TCP SYN attack.

IP addresses displayed by netstat fall into several categories:

IP Address Description

127.0.0.1 This address refers to the local host, or this computer.

0.0.0.0 A global address, meaning “ANY”.

Remote Address The address of the remote device that has a connection with this computer.

Task 2: Use netstat to Examine Protocol Information on a Pod Host Computer.

Step 1: Use netstat to view existing connections.

From the terminal window in Task 1, above, issue the command netstat –a:

C:\> netstat –a <ENTER>

Page 65: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 5.1: Observing TCP and UDP using Netstat

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 75 of 247

A table will be displayed that lists protocol (TCP and UDP), Local address, Foreign address, and State information. Addresses and protocols that can be translated into names are displayed. The –n option forces netstat to display output in raw format. From the terminal window, issue the command netstat –an:

C:\> netstat –an <ENTER> Use the window vertical scroll bar to go back and forth between the outputs of the two commands. Compare outputs, noting how well-known port numbers are changed to names. Write down three TCP and three UDP connections from the netstat –a output, and the corresponding translated port numbers from the netstat –an output. If there are fewer than three connections that translate, note that in your table.

Connection Proto Local Address Foreign Address State

Refer to the following netstat output. A new network engineer suspects that his host computer has been compromised by an outside attack against ports 1070 and 1071. How would you respond?

C:\> netstat –n Active Connections Proto Local Address Foreign Address State TCP 127.0.0.1:1070 127.0.0.1:1071 ESTABLISHED TCP 127.0.0.1:1071 127.0.0.1:1070 ESTABLISHED C:\>

______________________________________________________________________________ ______________________________________________________________________________

Page 66: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 5.1: Observing TCP and UDP using Netstat

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 76 of 247

Step 2: Establish multiple concurrent TCP connections and record netstat output.

In this task, several simultaneous connections will be made with Eagle Server. The venerable telnet command will be used to access Eagle Server network services, thus providing several protocols to examine with netstat. Open an additional four terminal windows. Arrange the windows so that all are visible. The four terminal windows that will be used for telnet connections to Eagle Server can be relatively small, approximately ½ screen width by ¼ screen height. The terminal windows that will be used to collect connection information should be ½ screen width by full screen height. Several network services on Eagle Server will respond to a telnet connection. We will use:

• DNS- domain name server, port 53

• FTP- FTP server, port 21

• SMTP- SMTP mail server, port 25

• TELNET- Telnet server, port 23

Why should telnet to UDP ports fail? ___________________________________________________________________________ ___________________________________________________________________________

To close a telnet connection, press the <CTRL> ] keys together. That will bring up the telnet prompt, Microsoft Telnet>. Type quit <ENTER> to close the session. In the first telnet terminal window, telnet to Eagle Server on port 53. In the second terminal window, telnet on port 21. In the third terminal window, telnet on port 25. In the fourth terminal window, telnet on port 23. The command for a telnet connection on port 21 is shown below:

C:\> telnet eagle-server.example.com 53

In the large terminal window, record established connections with Eagle Server. Output should look similar to the following. If typing is slow, a connection may close before all connections have been made. Eventually, connections should terminate from inactivity.

Proto Local Address Foreign Address State TCP 192.168.254.1:1688 192.168.254.254:21 ESTABLISHED TCP 192.168.254.1:1691 192.168.254.254:25 ESTABLISHED TCP 192.168.254.1:1693 192.168.254.254:53 ESTABLISHED TCP 192.168.254.1:1694 192.168.254.254:23 ESTABLISHED

Task 3: Reflection The netstat utility displays incoming and outgoing network connections (TCP and UDP), host computer routing table information, and interface statistics.

Task 4: Challenge

Page 67: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 5.1: Observing TCP and UDP using Netstat

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 77 of 247

Close Established sessions abruptly (close the terminal window), and issue the netstat –an command. Try to view connections in stages different from ESTABLISHED.

Task 5: Cleanup

Unless directed otherwise by the instructor, turn off power to the host computers. Remove anything that was brought into the lab, and leave the room ready for the next class.

Page 68: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 5.2: TCP/IP Transport Layer Protocols, TCP and UDP

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 78 of 247

Lab 5.2: TCP/IP Transport Layer Protocols, TCP and UDP

Topology Diagram

59BLearning Objectives

• Identify TCP header fields and operation using a Wireshark FTP session capture.

• Identify UDP header fields and operation using a Wireshark TFTP session capture.

60BBackground

The two protocols in the TCP/IP Transport Layer are the transmission control protocol (TCP), defined in RFC 761, January, 1980, and user datagram protocol (UDP), defined in RFC 768, August, 1980. Both protocols support upper-layer protocol communication. For example, TCP is used to provide Transport Layer support for the HTTP and FTP protocols, among others. UDP provides Transport Layer support for domain name services (DNS) and trivial file transfer protocol (TFTP), among others. The ability to understand the parts of the TCP and UDP headers and operation are a critical skill for network engineers.

61BScenario

Using Wireshark capture, analyze TCP and UDP protocol header fields for file transfers between the host computer and Eagle Server. If Wireshark has not been loaded on the host pod computer, it may be downloaded from URL HTUftp://eagle-server.example.com/pub/eagle_labs/eagle1/chapter4/UTH, file wireshark-setup-0.99.4.exe. Windows command line utilities ftp and tftp will be used to connect to Eagle Server and download files.

Task 1: Identify TCP Header Fields and Operation using a Wireshark FTP Session

Capture.

Step 1: Capture a FTP session.

TCP sessions are well controlled and managed by information exchanged in the TCP header fields. In this task, a FTP session will be made to Eagle Server. When finished, the session capture will be analyzed. Windows computers use the FTP client, ftp, to connect to the FTP server. A command line window will start the FTP session, and the text configuration file for S1-

Page 69: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 5.2: TCP/IP Transport Layer Protocols, TCP and UDP

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 79 of 247

central from Eagle Server will be downloaded, /pub/eagle_labs/eagle1/chapter4/s1-central, to the host computer.

Open a command line window by clicking on Start | Run, type cmd, then press OK.

Figure 1. Command line window.

A window similar to Figure 1 should open. Start a Wireshark capture on the interface that has IP address 172.16.Pod#.[1-2]. Start an FTP connection to Eagle Server. Type the command:

> ftp eagle-server.example.com

When prompted for a user id, type anonymous. When prompted for a password, press <ENTER>. Change the FTP directory to /pub/eagle_labs/eagle1/chapter4/:

ftp> cd /pub/eagle_labs/eagle1/chapter4/ Download the file s1-central:

ftp> get s1-central When finished, terminate the FTP sessions in each command line window with the FTP quit command:

ftp> quit Close the command line window with the command exit:

> exit Stop the Wireshark capture.

Page 70: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 5.2: TCP/IP Transport Layer Protocols, TCP and UDP

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 80 of 247

Step 2: Analyze the TCP fields.

Figure 2. FTP capture.

Switch to the Wireshark capture windows. The top window contains summary information for each captured record. Student capture should be similar to the capture shown in Figure 2. Before delving into TCP packet details, an explanation of the summary information is needed. When the FTP client is connected to the FTP server, the Transport Layer protocol TCP created a reliable session. TCP is routinely used during a session to control datagram delivery, verify datagram arrival, and manage window size. For each exchange of data between the FTP client and FTP server, a new TCP session is started. At the conclusion of the data transfer, the TCP session is closed. Finally, when the FTP session is finished TCP performs an orderly shutdown and termination.

Figure 3. Wireshark capture of a TCP datagram.

In Wireshark, detailed TCP information is available in the middle window. Highlight the first TCP datagram from the host computer, and move the mouse pointer to the middle window. It may be necessary to adjust the middle window and expand the TCP record by clicking on the protocol expand box. The expanded TCP datagram should look similar to Figure 3.

Page 71: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 5.2: TCP/IP Transport Layer Protocols, TCP and UDP

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 81 of 247

How is the first datagram in a TCP session identified? ________________________________________________________________________ ________________________________________________________________________

Figure 4. TCP packet fields.

Refer to Figure 4, a TCP datagram diagram. An explanation of each field is provided to refresh the student’s memory:

• TCP Source port number belongs to the TCP session host that opened a connection.

The value is normally a random value above 1023. • Destination port number is used to identify the upper layer protocol or application on

the remote site. The values in the range 0–1023 represent the so called “well known ports” and are associated with popular services and applications (as described in RFC 1700, such as telnet, File Transfer Protocol (FTP), HyperText Transfer Protocol (HTTP), etc). The quadruple field combination (Source IP Address, Source Port, Destination IP Address, Destination Port) uniquely identifies the session to both sender and receiver.

• Sequence number specifies the number of the last octet in a segment. • Acknowledgment number specifies the next octet expected by the receiver. • Code Bits have a special meaning in session management and in the treatment of

segments. Among interesting values are: • ACK (Acknowledgement of a segment receipt), • SYN (Synchronize, only set when a new TCP session is negotiated during the

TCP three-way handshake). • FIN (Finish, request to close the TCP session).

• Window size is the value of the sliding window - how many octets can be sent before waiting for an acknowledgement.

• Urgent pointer is only used with an URG (Urgent) flag - when the sender needs to send urgent data to the receiver.

• Options: The only option currently defined is the maximum TCP segment size (optional value).

Using the Wireshark capture of the first TCP session start-up (SYN bit set to 1), fill in information about the TCP header:

Page 72: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 5.2: TCP/IP Transport Layer Protocols, TCP and UDP

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 82 of 247

From pod host computer to Eagle Server (only the SYN bit is set to 1):

Source IP Address: 172.16.___.___

Destination IP Address: _______________

Source port number: ______________

Destination port number: ______________

Sequence number: ____________

Acknowledgement number: ___________

Header length: ______________

Window size: _______________

From Eagle Server to pod host computer (only SYN and ACK bits are set to 1):

Source IP Address: ________________

Destination IP Address: 172.16.___.___

Source port number: ______________

Destination port number: ______________

Sequence number: ______________

Acknowledgement number: ___________

Header length: ______________

Window size: _______________

From pod host computer to Eagle Server (only ACK bit is set to 1):

Source IP Address: 172.16.___.___

Destination IP Address: _______________

Source port number: ______________

Destination port number: ______________

Sequence number: ____________

Acknowledgement number: ___________

Header length: ______________

Window size: _______________

Ignoring the TCP session started when a data transfer occurred, how many other TCP datagrams contained a SYN bit?

__________________________________________________________________________

Page 73: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 5.2: TCP/IP Transport Layer Protocols, TCP and UDP

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 83 of 247

__________________________________________________________________________ Attackers take advantage of the three-way handshake by initiating a “half-open” connection. In this sequence, the opening TCP session sends a TCP datagram with the SYN bit set and the receiver sends a related TCP datagram with the SYN ACK bits set. A final ACK bit is never sent to finish the TCP handshake. Instead, a new TCP connection is started in half-open fashion. With sufficient TCP sessions in the half-open state, the receiving computer may exhaust resources and crash. A crash could involve a loss of networking services, or corrupt the operating system. In either case the attacker has won, networking service has been stopped on the receiver. This is one example of a denial-of-service (DoS) attack.

Figure 5. TCP session management.

The FTP client and server communicate between each other, unaware and uncaring that TCP has control and management over the session. When the FTP server sends a Response: 220 to the FTP client, the TCP session on the FTP client sends an acknowledgment to the TCP session on Eagle Server. This sequence is shown in Figure 5, and is visible in the Wireshark capture.

Figure 6. Orderly TCP session termination.

When the FTP session has finished, the FTP client sends a command to “quit”. The FTP server acknowledges the FTP termination with a Response :221 Goodbye. At this time the FTP server TCP session sends a TCP datagram to the FTP client, announcing the termination of the TCP session. The FTP client TCP session acknowledges receipt of the termination datagram, then sends its own TCP session termination. When the originator of the TCP termination, FTP server, receives a duplicate termination, an ACK datagram is sent to acknowledge the termination and the TCP session is closed. This sequence is shown in Figure 6, and visible in the Wireshark capture.

Page 74: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 5.2: TCP/IP Transport Layer Protocols, TCP and UDP

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 84 of 247

Without an orderly termination, such as when the connection is broken, the TCP sessions will wait a certain period of time until closing. The default timeout value varies, but is normally 5 minutes. Task 2: Identify UDP header fields and operation using a Wireshark TFTP session

capture.

Step 1: Capture a TFTP session.

Following the procedure in Task 1 above, open a command line window. The TFTP command has a different syntax than FTP. For example, there is no authentication. Also, there are only two commands, get, to retrieve a file, and put, to send a file.

>tftp –help

Transfers files to and from a remote computer running the TFTP service.

TFTP [-i] host [GET | PUT] source [destination]

-i Specifies binary image transfer mode (also called octet). In binary image mode the file is moved literally, byte by byte. Use this mode when transferring binary files. host Specifies the local or remote host. GET Transfers the file destination on the remote host to the file source on the local host. PUT Transfers the file source on the local host to the file destination on the remote host. source Specifies the file to transfer.

destination Specifies where to transfer the file.

Table 1. TFTP syntax for a Windows TFTP client.

Table 1 contains Windows TFTP client syntax. The TFTP server has it’s own directory on Eagle Server, /tftpboot, which is different from the directory structure supported by the FTP server. No authentication is supported. Start a Wireshark capture, then download the s1-central configuration file from Eagle Server with the Windows TFTP client. The command and syntax to perform this is shown below:

>tftp eagle-server.example.com get s1-central

Step 2: Analyze the UDP fields.

Page 75: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 5.2: TCP/IP Transport Layer Protocols, TCP and UDP

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 85 of 247

Figure 7. Summary capture of a UDP session.

Switch to the Wireshark capture windows. Student capture should be similar to the capture shown in Figure 7. A TFTP transfer will be used to analyze Transport Layer UDP operation.

Figure 8. Wireshark capture of a UDP datagram.

In Wireshark, detailed UDP information is available in the middle window. Highlight the first UDP datagram from the host computer, and move the mouse pointer to the middle window. It may be necessary to adjust the middle window and expand the UDP record by clicking on the protocol expand box. The expanded UDP datagram should look similar to Figure 8.

Figure 9. UDP format.

Refer to Figure 9, a UDP datagram diagram. Header information is sparse, compared to the TCP datagram. There are similarities, however. Each UDP datagram is identified by the UDP source port and UDP destination port. Using the Wireshark capture of the first UDP datagram, fill in information about the UDP header. The checksum value is a hexadecimal (base 16) value, denoted by the preceding 0x code:

Source IP Address: 172.16.___.___

Destination IP Address:

Page 76: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 5.2: TCP/IP Transport Layer Protocols, TCP and UDP

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 86 of 247

_______________

Source port number: ______________

Destination port number: ______________

UDP message length: _____________

UDP checksum: _____________

How does UDP verify datagram integrity? ________________________________________________________________________ ________________________________________________________________________

Examine the first packet returned from Eagle Server. Fill in information about the UDP header:

Source IP Address:

Destination IP Address: 172.16.___.___

Source port number: ______________

Destination port number: ______________

UDP message length: ____________

UDP checksum: 0x _____________

Notice that the return UDP datagram has a different UDP source port, but this source port is used for the remainder of the TFTP transfer. Since there is no reliable connection, only the original source port used to begin the TFTP session is used to maintain the TFTP transfer. Task 5: Reflection This lab provided students with the opportunity to analyze TCP and UDP protocol operations from captured FTP and TFTP sessions. TCP manages communication much differently from UDP, but reliability and guaranteed delivery requires additional control over the communication channel. UDP has less overhead and control, and the upper-layer protocol must provide some type of acknowledgement control. Both protocols, however, transport data between clients and servers using Application Layer protocols and are appropriate for the upper-layer protocol each supports.

Task 6: Challenge Since neither FTP nor TFTP are secure protocols, all data transferred is sent in clear text. This includes any user ids, passwords, or clear text file contents. Analyzing the upper-layer FTP session will quickly identify the user id, password, and configuration file passwords. Upper-layer TFTP data examination is a bit more complicated, but the data field can be examined and configuration user id and password information extracted.

Task 7: Cleanup

During this lab several files were transferred to the host computer, and should be removed.

Page 77: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 5.2: TCP/IP Transport Layer Protocols, TCP and UDP

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 87 of 247

Unless directed otherwise by the instructor, turn off power to the host computers. Remove anything that was brought into the lab, and leave the room ready for the next class.

Page 78: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 5.3: Application and Transport Layer Protocols Examination

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 88 of 247

6BLab 5.3: Application and Transport Layer Protocols Examination

62BTopology Diagram

64BLearning Objectives

Upon completion of this lab, you will be able to:

• Configure the host computer to capture Application layer protocols.

• Capture and analyze HTTP communication between the pod host computer and a web server.

• Capture and analyze FTP communication between the pod host computer and an FTP server.

• Observe TCP establish and manage communication channels with HTTP and FTP connections

65BBackground

The primary function of the Transport Layer is to keep track of multiple application conversations on the same host. However, different applications have different requirements for their data, and therefore different Transport protocols have been developed to meet these requirements. Application layer protocols define the communication between network services, such as a web server and client, and an FTP server and client. Clients initiate communication to the appropriate server, and the server responds to the client. For each network service there is a different server listening on a different port for client connections. There may be several servers on the same end device. A user may open several client applications to the same server, yet each client communicates exclusively with a session established between the client and server.

Application layer protocols rely on lower level TCP/IP protocols, such as TCP or UDP. This lab will examine two popular Application Layer protocols, HTTP and FTP, and how Transport Layer protocols TCP and UDP manage the communication channel. Also examined are popular client requests and corresponding server responses.

66BScenario

In this lab, you will use client applications to connect to eagle-server network services. You will monitor the communication with Wireshark and analyze the captured packets.

Page 79: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 5.3: Application and Transport Layer Protocols Examination

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 89 of 247

A web browser such as Internet Explorer or Firefox will be used to connect to the eagle-server network service. Eagle-server has several network services preconfigured, such as HTTP, waiting to respond to client requests.

The web browser will also be used to examine the FTP protocol, as well as the FTP command line client. This exercise will demonstrate that although clients may differ the underlying communication to the server remains the same.

Task 1: Configure the Pod Host Computer to Capture Application Layer Protocols.

The lab should be configured as shown in the Topology Diagram and logical address table. If it is not, ask the instructor for assistance before proceeding.

Step 1: Download and install wireshark.

Figure 1. FTP Download for Wireshark

If Wireshark is not installed on the pod host computer, it can be downloaded from eagle-server.example.com. See Figure 1. The download URL is HTUftp://eagle-server.example.com/pub/eagle_labs/eagle1/chapter3UTH.

1. Right-click the wireshark filename, then save the file to the host pod computer.

2. When the file has downloaded, double-click the filename and install Wireshark with the default settings.

Step 2: Start Wireshark and configure the Capture Interface.

1. Start Wireshark from Start > All Programs > Wireshark > Wireshark.

2. When the opening screen appears, set the correct Capture Interface. The interface with the IP address of the pod host computer is the correct interface. See Figure 2.

Page 80: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 5.3: Application and Transport Layer Protocols Examination

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 90 of 247

Figure 2. Wireshark Interface Capture Screen

Wireshark can be started by clicking the interface Start button. Thereafter, the interface is used as the default and does not need to be changed.

Wireshark should begin to log data.

3. Stop Wireshark for the moment. Wireshark will be used in upcoming tasks.

Task 2: Capture and Analyze HTTP Communication Between the Pod Host Computer and a

Web Server.

HTTP is an Application layer protocol, relying on lower level protocols such as TCP to establish and manage the communication channel. HTTP version 1.1 is defined in RFC 2616, dated 1999. This part of the lab will demonstrate how sessions between multiple web clients and the web server are kept separate.

Step 1: Start Wireshark captures.

Start a Wireshark capture. Wireshark will display captures based on packet type.

Step 2: Start the pod host web browser.

1. Using a web browser such as Internet Explorer or Firefox, connect to URL HTUhttp://eagle-server.example.comUTH. A web page similar to Figure 3 will be displayed. Do not close this web browser until instructed to do so.

Figure 3. Web Browser Connected to Web Server

2. Click the web browser Refresh button. There should be no change to the display in the web client.

3. Open a second web browser, and connect to URL HTUhttp://eagle-server.example.com/page2.htmlUTH. This will display a different web page.

Do not close either browser until Wireshark capture is stopped.

Page 81: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 5.3: Application and Transport Layer Protocols Examination

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 91 of 247

Step 3: Stop Wireshark captures and analyze the captured data.

1. Stop Wireshark captures.

2. Close the web browsers.

The resulting Wireshark data will be displayed. There were actually at least three HTTP sessions created in Step 2. The first HTTP session started with a connection to HTUhttp://eagle-server.example.comUTH. The second session occurred with a refresh action. The third session occurred when the second web browser accessed HTUhttp://eagle-server.example.com/page2.htmlUTH.

Figure 4. Captured HTTP Session

A sample captured HTTP session is shown in Figure 4. Before HTTP can begin, the TCP session must be created. This is seen in the first three session lines, numbers 10, 11, and 12. Use your capture or similar Wireshark output to answer the following questions:

3. Fill in the following table from the information presented in the HTTP session:

Web browser IP address

Web server IP address

Transport layer protocol (UDP/TCP)

Web browser port number

Web server port number

4. Which computer initiated the HTTP session, and how?

__________________________________________________________________________

__________________________________________________________________________

5. Which computer initially signaled an end to the HTTP session, and how?

___________________________________________________________________________ ___________________________________________________________________________

6. Highlight the first line of the HTTP protocol, a GET request from the web browser. In

Figure 4 above, the GET request is on line 13. Move into the second (middle) Wireshark window to examine the layered protocols. If necessary, expand the fields.

7. Which protocol is carried (encapsulated) inside the TCP segment?

___________________________________________________________________________

Page 82: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 5.3: Application and Transport Layer Protocols Examination

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 92 of 247

8. Expand the last protocol record, and any subfields. This is the actual information sent to the web server. Complete the following table using information from the protocol.

Protocol Version

Request Method

* Request URI

Language

* Request URI is the path to the requested document. In the first browser, the path is the root directory of the web server. Although no page was requested, some web servers are configured to display a default file if one is available.

The web server responds with the next HTTP packet. In Figure 4, this is on line 15. A response to the web browser is possible because the web server (1) understands the type of request and (2) has a file to return. Crackers sometimes send unknown or garbled requests to web servers in an attempt to stop the server or gain access to the server command line. Also, a request for an unknown web page will result in an error message.

9. Highlight the web server response, and then move into the second (middle) window. Open all collapsed sub-fields of HTTP. Notice the information returned from the server. In this reply, there are only a few lines of text (web server responses can contain thousands or millions of bytes). The web browser understands and correctly formats the data in the browser window. .

10. What is the web server response to the web client GET request?

__________________________________________________________________________

11. What does this response mean?

__________________________________________________________________________

12. Scroll down the top window of Wireshark until the second HTTP session, refresh, is visible. A sample capture is shown in Figure 5.

Figure 5. Captured HTTP Session for Refresh

The significance of the refresh action is in the server response, 304 Not Modified. With a single packet returned for both the initial GET request and refresh, the bandwidth used is minimal. However, for an initial response that contains millions of bytes, a single reply packet can save significant bandwidth.

Because this web page was saved in the web client’s cache, the GET request contained the following additional instructions to the web server:

Page 83: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 5.3: Application and Transport Layer Protocols Examination

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 93 of 247

If-modified-since: Fri, 26 Jan 2007 06:19:33 GMT\r\n If-None-Match: “98072-b8-82da8740”\r\n <- page tag number (ETAG)

13. What is the ETAG response from the web server?

__________________________________________________________________________

Task 3: Capture and Analyze FTP Communication Between the Pod Host Computer and a

Web Server.

The Application layer protocol FTP has undergone significant revision since it first appeared in RFC 114, in 1971. FTP version 5.1 is defined in RFC 959, dated October, 1985.

The familiar web browser can be used to communicate with more than just the HTTP server. In this task, the web browser and a command line FTP utility will be used to download data from an FTP server.

Figure 6. Windows Command Line Screen

In preparation for this task, open a command line on the host pod computer. This can be accomplished by clicking Start > Run, then typing CMD and clicking OK. A screen similar to Figure 6 will be displayed.

Step 1: Start Wireshark captures.

If necessary, refer to Task 1, Step 2, to open Wireshark.

Step 2: Start the pod host command line FTP client.

1. Start a pod host computer FTP session with the FTP server, using the Windows FTP client utility. To authenticate, use userid anonymous. In response to the password prompt, press <ENTER>.

>ftp eagle-server.example.com

Connected to eagle-server.example.com. 220 Welcome to the eagle-server FTP service. User (eagle-server.example.com:(none)): anonymous

331 Please specify the password. Password: <ENTER> 230 Login successful.

Page 84: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 5.3: Application and Transport Layer Protocols Examination

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 94 of 247

2. The FTP client prompt is ftp>. This means that the FTP client is waiting for a command

to send to the FTP server. To view a list of FTP client commands, type help <ENTER>:

ftp> help Commands may be abbreviated. Commands are: ! delete literal prompt send ? debug ls put status append dir mdelete pwd trace ascii disconnect mdir quit type bell get mget quote user binary glob mkdir recv verbose bye hash mls remotehelp cd help mput rename close lcd open rmdir Unfortunately, the large number of FTP client commands makes using the command line utility difficult for a novice. We will only use a few commands for Wireshark evaluation.

3. Type the command dir to display the current directory contents:

ftp> dir 200 PORT command successful. Consider using PASV. 150 Here comes the directory listing. drwxr-xr-x 3 0 0 4096 Jan 12 04:32 pub The FTP client is at the root directory of the FTP server. This is not the real root directory of the server—only the highest point that user anonymous can access. User anonymous has been placed into a root jail, prohibiting access outside of the current directory.

4. Subdirectories can be traversed, however, and files transferred to the pod host computer. Move into directory pub/eagle_labs/eagle1/chapter2, download a file, and exit.

ftp> cd pub/eagle_labs/eagle1/chapter2 250 Directory successfully changed. ftp> dir 200 PORT command successful. Consider using PASV. 150 Here comes the directory listing. -rw-r--r-- 1 0 100 5853 Jan 12 04:26 ftptoeagle-server.pcap -rw-r--r-- 1 0 100 4493 Jan 12 04:27 http to eagle-server.pcap -rw-r--r-- 1 0 100 1486 Jan 12 04:27 ping to 192.168.254.254.pcap -rw-r--r-- 1 0 100 15163750 Jan 12 04:30 wireshark-setup-0.99.4.exe 226 Directory send OK. ftp: 333 bytes received in 0.04Seconds 8.12Kbytes/sec. ftp> get "ftptoeagle-server.pcap"

200 PORT command successful. Consider using PASV. 150 Opening BINARY mode data connection for ftptoeagle-server.pcap (5853 bytes).

Page 85: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 5.3: Application and Transport Layer Protocols Examination

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 95 of 247

226 File send OK. ftp: 5853 bytes received in 0.34Seconds 17.21Kbytes/sec. ftp> quit

221 Goodbye.

5. Close the command line window with the exit command.

6. Stop Wireshark captures, and save the captures as FTP_Command_Line_Client.

Step 3: Start the pod host web browser.

1. Start Wireshark captures again.

Figure 7. Web Browser Used as an FTP Client

2. Open a web browser as shown in Figure 7, and type in URL HTUftp://eagle-server.example.comUTH. A browser window opens with the pub directory displayed. Also, the web browser logged into the FTP server as user Anonymous as shown on the bottom of the screen capture.

3. Using the browser, go down the directories until the URL path is pub/eagle-labs/eagle1/chapter2. Double-click the file ftptoeagle-server.pcap and save the file.

4. When finished, close the web browser.

5. Stop Wireshark captures, and save the captures as FTP_Web_Browser_Client.

Step 4: Stop Wireshark captures and analyze the captured data.

1. If not already opened, open the Wireshark capture FTP_Web_Browser_Client.

2. On the top Wireshark window, select the FTP capture that is the first FTP protocol transmission, Response: 220. In Figure 8, this is line 23.

Page 86: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 5.3: Application and Transport Layer Protocols Examination

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 96 of 247

Figure 8. Wireshark Capture of an FTP Session with a Web Browser

3. Move into the middle Wireshark window and expand the FTP protocol. FTP communicates using codes, similar to HTTP.

What is the FTP server response 220?

____________________________________________________________________________ When the FTP server issued a Response: 331 Please specify the password, what was the web browser reply?

____________________________________________________________________________ Which port number does the FTP client use to connect to the FTP server port 21?

____________________________________________________________________________ When data is transferred or with simple directory listings, a new port is opened. This is called the transfer mode. The transfer mode can be either active or passive. In active mode, the server opens a TCP session to the FTP client and transfers data across that port. The FTP server source port number is 20, and the FTP client port number is some number above 1023. In passive mode, however, the client opens a new port to the server for data transfer. Both port numbers are above 1023.

What is the FTP-DATA port number used by the FTP server?

____________________________________________________________________________

4. Open the Wireshark capture FTP_Web_Browser_Client, and observe the FTP communication. Although the clients are different, the commands are similar.

Step 5: FTP active and passive transfer modes

The implications between the two modes are very important from an information security perspective. The transfer mode sets how the data port is configured.

Page 87: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 5.3: Application and Transport Layer Protocols Examination

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 97 of 247

In active transfer mode, a client initiates an FTP session with the server on well-known TCP port 21. For data transfer, the server initiates a connection from well-known TCP port 20 to a client’s high port, a port number above 1023. See Figure 9.

Figure 9. Active FTP

Unless the FTP client firewall is configured to permit connections from the outside, data transfer may fail. To establish connectivity for data transfer, the FTP client must permit either FTP-related connections (implying stateful packet filtering), or disable blocking.

In passive transfer mode, a client initiates an FTP session with the server on well-known TCP port 21, the same connection used in the active transfer mode. For data transfer, however, there are two significant changes. First, the client initiates the data connection to the server. Second, high ports are used on both ends of the connection. See Figure 10.

Figure 10. Passive FTP

Unless the FTP server is configured to permit a connection to a random high port, data transfer will fail. Not all FTP client applications support changes to the transfer mode.

Task 4: Reflection

Both HTTP and FTP protocols rely on TCP to communicate. TCP manages the connection between client and server to ensure datagram delivery.

A client application may be either a web browser or command line utility, but each must send and receive messages that can be correctly interpreted. The communication protocol is normally defined in an RFC.

The FTP client must authenticate to the FTP server, even if the authentication is open to the world. User Anonymous normally has restricted access to the FTP server and cannot upload files.

An HTTP session begins when a request is made to the HTTP server and ends when the response has been acknowledged by the HTTP client. An FTP session, however, lasts until the client signals that it is leaving with the quit command.

Page 88: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 5.3: Application and Transport Layer Protocols Examination

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 98 of 247

HTTP uses a single protocol to communicate with the HTTP server. The server listens on port 80 for client connections. FTP, however, uses two protocols. The FTP server listens on TCP port 21, as the command line. Depending on the transfer mode, the server or client may initiate the data connection.

Multiple Application layer protocols can be accessed through a simple web browser. While only HTTP and FTP were examined, Telnet and Gopher may also be supported on the browser. The browser acts as a client to the server, sending requests and processing replies.

Task 5: Challenge

Enabling Wireshark capture, use a web browser to browse to R2 at http://172.16.255.254/level/7/exec or use a Telnet client to connect to a Cisco device such as S1-Central or R2-Central. Observe the HTTP or Telnet protocol behavior. Issue some commands to observe the results.

How is the Application layer protocol Telnet similar to HTTP and FTP? How is TELNET different?

____________________________________________________________________________ ____________________________________________________________________________

Task 6: Clean Up

If Wireshark was installed on the pod host computer for this lab, the instructor may want the application removed. To remove Wireshark, click Start > Control Panel > Add or Remove

Programs. Scroll to the bottom of the list, right-click on Wireshark, and click Remove.

If downloaded files need to be removed from the host pod computer, delete all files retrieved from the FTP server.

Unless directed otherwise by the instructor, turn off power to the host computers. Remove anything that was brought into the lab, and leave the room ready for the next class.

Page 89: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6: Examining a Device’s Gateway & Route

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 99 of 247

7B

Lab 6

Examining a Device’s Gateway & Route

Page 90: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.1: Examining a Device’s Gateway

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 100 of 247

Lab 6.1: Examining a Device’s Gateway

67BTopology Diagram

69BLearning Objectives

Upon completion of this lab, you will be able to:

• Understand and explain the purpose of a gateway address.

• Understand how network information is configured on a Windows computer.

• Troubleshoot a hidden gateway address problem.

70BBackground

An IP address is composed of a network portion and a host portion. A computer that communicates with another device must first know how to reach the device. For devices on the same local area network (LAN), the host portion of the IP address is used as the identifier. The network portion of the destination device is the same as the network portion of the host device.

However, devices on different networks have different source and destination network numbers. The network portion of the IP address is used to identify when a packet must be sent to a gateway address, which is assigned to a network device that forwards packets between distant networks.

A router is assigned the gateway address for all the devices on the LAN. One purpose of a router is to serve as an entry point for packets coming into the network and exit point for packets leaving the network.

Gateway addresses are very important to users. Cisco estimates that 80 percent of network traffic will be destined to devices on other networks, and only 20 percent of network traffic will go to local devices. This is called the 80/20 rule. Therefore, if a gateway cannot be reached by the LAN devices, users will not be able to perform their job.

71BScenario

Pod host computers must communicate with Eagle Server, but Eagle Server is located on a different network. If the pod host computer gateway address is not configured properly, connectivity with Eagle Server will fail.

Using several common utilities, network configuration on a pod host computer will be verified.

Page 91: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.1: Examining a Device’s Gateway

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 101 of 247

Task 1: Understand and Explain the Purpose of a Gateway Address.

Figure 1. Communication between LAN Devices

For local area network (LAN) traffic, the gateway address is the address of the Ethernet interface connected to the LAN. Figure 1 shows two devices on the same network communicating with the ping command. Any device that has the same network address—in this example, 172.16.0.0—is on the same LAN.

Referring to Figure 1, what is the MAC address of the network device on IP address 172.16.1.1?

____________________________________________________________________________ There are several Windows commands that will display a network gateway address. One popular command is netstat –r. In the following transcript, the netstat –r command is used to view the gateway addresses for this computer. The top highlight shows what gateway address is used to forward all network packets destined outside of the LAN. The ”quad-zero” Network Destination and Netmask values, 0.0.0.0 and 0.0.0.0, refer to any network not specifically known. For any non-local network, this computer will use 172.16.255.254 as the default gateway. The second yellow highlight displays the information in human-readable form. More specific networks are reached through other gateway addresses. A local interface, called the loopback interface, is automatically assigned to the 127.0.0.0 network. This interface is used to identify the local host to local network services. Refer to the gray highlighted entry. Finally, any device on network 172.16.0.0 is accessed through gateway 172.16.1.2, the IP address for this Ethernet interface. This entry is highlighted in green.

C:\>netstat –r

Route Table ======================================================================= Interface List 0x1 ......................... MS TCP Loopback interface 0x20005 ...00 16 76 ac a7 6a Intel(R) 82562V 10/100 Network Connection ======================================================================= ======================================================================= Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 172.16.255.254 172.16.1.2 1

Page 92: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.1: Examining a Device’s Gateway

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 102 of 247

127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 172.16.0.0 255.255.0.0 172.16.1.2 172.16.1.2 20 172.16.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20 172.16.255.255 255.255.255.255 172.16.1.2 172.16.1.2 20 255.255.255.255 255.255.255.255 172.16.1.2 172.16.1.2 1 Default Gateway: 172.16.255.254 ======================================================================= Persistent Routes: None C:\>

Step 1: Open a terminal window on a pod host computer.

What is the default gateway address?

____________________________________________________________________________

Step 2: Use the ping command to verify connectivity with IP address 127.0.0.1.

Was the ping successful? __________

Step 3: Use the ping command to ping different IP addresses on the 127.0.0.0 network,

127.10.1.1, and 127.255.255.255.

Were responses successful? If not, why?

____________________________________________________________________________

____________________________________________________________________________

A default gateway address permits a network device to communicate with other devices on different networks. In essence, it is the door to other networks. All traffic destined to different networks must go through the network device that has the default gateway address.

Figure 2. Communication between Devices on Different Networks

As shown in Figure 2, communication between devices on different networks is different than on a LAN. Pod host computer #2, IP address 172.16.1.2, initiates a ping to IP address 192.168.254.254. Because network 172.16.0.0 is different from 192.168.254.0, the pod host

Page 93: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.1: Examining a Device’s Gateway

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 103 of 247

computer requests the MAC address of the default gateway device. This gateway device, a router, responds with its MAC address. The computer composes the Layer 2 header with the destination MAC address of the router and places frames on the wire to the gateway device.

Referring to Figure 2, what is the MAC address of the gateway device?

____________________________________________________________________________ Referring to Figure 2, what is the MAC address of the network device with IP address 192.168.254.254?

____________________________________________________________________________

Task 2: Understand how Network Information is Configured on a Windows Computer.

Many times connectivity issues are attributed to wrong network settings. In troubleshooting connectivity issues, several tools are available to quickly determine the network configuration for any Windows computer.

Figure 3. Network Interface with Static IP Address

Step 1: Examine network properties settings.

One method that may be useful in determining the network interface IP properties is to examine the pod host computer’s Network Properties settings. To access this window:

1. Click Start > Control Panel > Network Connections.

2. Right-click Local Area Connection, and choose Properties.

3. On the General tab, scroll down the list of items in the pane, select Internet Protocol

(TCP/IP), and click the Properties button. A window similar to the one in Figure 3 will be displayed.

Page 94: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.1: Examining a Device’s Gateway

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 104 of 247

Figure 4. Network Interface with Dynamic IP Address

However, a dynamic IP address may be configured, as shown in Figure 4. In this case, the Network Properties settings window is not very useful for determining IP address information.

A more consistently reliable method for determining network settings on a Windows computer is to use the ipconfig command:

C:\>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix .: �IP Address .....................: 172.16.1.2 �Subnet Mask ....................: 255.255.0.0 �Default Gateway ................: 172.16.255.254

� IP address for this pod host computer � Subnet mask � Default gateway address

There are several options available with the ipconfig command, accessible with the command ipconfig /?. To show the most information about the network connections, use the command ipconfig /all.

C:\>ipconfig /all Windows IP Configuration

Host Name ................ .....: GW-desktop-home Primary Dns Suffix .............: Node Type ......................: Unknown IP Routing Enabled ... .........: No WINS Proxy Enabled ...... ......: No

Ethernet adapter Local Area Connection: Connection-specific DNS Suffix .: Description ....................: Intel (R) 8256V 10/100 Network Connection Physical Address ...............: 00-16-76-AC-A7-6A

Page 95: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.1: Examining a Device’s Gateway

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 105 of 247

Dhcp Enabled ...................: No IP Address .....................: 172.16.1.2 Subnet Mask ....................: 255.255.0.0 Default Gateway ................: 172.16.255.254 �DNS Servers ....................: 192.168.254.254 C:\>

� Domain name server IP address

Step 2: Using the command ipconfig /all, fill in the following table with information from

your pod host computer:

Description Address

IP Address

Subnet Mask

Default Gateway

DNS Server

Task 3: Troubleshoot a Hidden Gateway Address Problem.

Figure 5. Topology Diagram

When troubleshooting network issues, a thorough understanding of the network can often assist in identifying the real problem. Refer to the network topology in Figure 5 and the logical IP address assignments in Table 1.

Page 96: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.1: Examining a Device’s Gateway

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 106 of 247

As the 3rd shift help desk Cisco engineer, you are asked for assistance from the help desk technician. The technician received a trouble ticket from a user on computer host-1A, complaining that computer host-11B, host-11B.example.com, does not respond to pings. The technician verified the cables and network settings on both computers, but nothing unusual was found. You check with the corporate network engineer, who reports that R2-Central has been temporarily brought down for a hardware upgrade.

Nodding your head in understanding, you ask the technician to ping the IP address for host-11B, 172.16.11.2 from host-1A. The pings are successful. Then, you ask the technician to ping the gateway IP address, 172.16.255.254, and the pings fail.

What is wrong?

____________________________________________________________________________

____________________________________________________________________________ You instruct the help desk technician to tell the user to use the IP address for host-11B temporarily, and the user is able to establish connectivity with the computer. Within the hour the gateway router is back on line, and normal network operation resumes.

Task 4: Reflection

A gateway address is critical to network connectivity, and in some instances LAN devices require a default gateway to communicate with other devices on the LAN.

Using Windows command line utilities such as netstat –r and ipconfig /all will report gateway settings on host computers.

Task 5: Challenge

Use Wireshark to capture a ping between two pod host computers. It may be necessary to restart the host computer to flush the DNS cache. First, use the hostname of the destination pod computer for DNS to reply with the destination IP address. Observe the communication sequence between network devices, especially the gateway. Next, capture a ping between network devices using only IP addresses. The gateway address should not be needed.

Task 6: Clean Up

Unless directed otherwise by the instructor, turn off power to the host computers. Remove anything that was brought into the lab, and leave the room ready for the next class.

Page 97: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.2: Examining a Route

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 107 of 247

8BLab 6.2: Examining a Route

72BTopology Diagram

74BLearning Objectives

Upon completion of this lab, you will be able to:

• Use the route command to modify a Windows computer routing table.

• Use a Windows Telnet client command telnet to connect to a Cisco router.

• Examine router routes using basic Cisco IOS commands.

75BBackground

For packets to travel across a network, a device must know the route to the destination network. This lab will compare how routes are used in Windows computers and the Cisco router.

Some routes are added to routing tables automatically, based upon configuration information on the network interface. The device considers a network directly connected when it has an IP address and network mask configured, and the network route is automatically entered into the routing table. For networks that are not directly connected, a default gateway IP address is configured that will send traffic to a device that should know about the network.

76BScenario

Using a pod host computer, examine the routing table with the route command and identify the different routes and gateway IP address for the route. Delete the default gateway route, test the connection, and then add the default gateway route back to the host table.

Use a pod host computer to telnet into R2-Central, and examine the routing table.

Task 1: Use the route Command to Modify a Windows Computer Routing Table.

C:\>netstat –r

Route Table ======================================================================= Interface List 0x1 ......................... MS TCP Loopback interface 0x20005 ...00 16 76 ac a7 6a Intel(R) 82562V 10/100 Network Connection

Page 98: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.2: Examining a Route

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 108 of 247

======================================================================= ======================================================================= Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 172.16.255.254 172.16.1.2 1 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 172.16.0.0 255.255.0.0 172.16.1.2 172.16.1.2 20 172.16.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20 172.16.255.255 255.255.255.255 172.16.1.2 172.16.1.2 20 255.255.255.255 255.255.255.255 172.16.1.2 172.16.1.2 1 Default Gateway: 172.16.255.254 ======================================================================= Persistent Routes: None C:\>

Figure 1. Output of the netstat Command

Shown in Figure 1, output from the netstat –r command is useful to determine route and gateway information.

Step 1: Examine the active routes on a Windows computer.

A useful command to modify the routing table is the route command. Unlike the netstat –r command, the route command can be used to view, add, delete, or change routing table entries. To view detailed information about the route command, use the option route /?.

An abbreviated option list for the route command is shown below:

route PRINT Prints active routes route ADD Adds a route: route ADD network MASK mask gateway route DELETE Deletes a route: route DELETE network route CHANGE Modifies an existing route

To view active routes, issue the command route PRINT:

C:\ >route PRINT

======================================================================= Interface List 0x1 ........................... MS TCP Loopback interface 0x70003 ...00 16 76 ac a7 6a .Intel(R) 82562V 10/100 Network Connection ======================================================================= ======================================================================= Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 172.16.255.254 172.16.1.2 1 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1

Page 99: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.2: Examining a Route

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 109 of 247

172.16.0.0 255.255.0.0 172.16.1.2 172.16.1.2 20 172.16.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20 172.16.255.255 255.255.255.255 172.16.1.2 172.16.1.2 20 255.255.255.255 255.255.255.255 172.16.1.2 172.16.1.2 1 Default Gateway: 172.16.255.254 ======================================================================= Persistent Routes: None C:\>

Verify network connectivity to Eagle Server:

C:\> ping eagle-server.example.com

Pinging eagle-server.example.com [192.168.254.254] with 32 bytes of data: Reply from 192.168.254.254: bytes=32 time<1ms TTL=63 Reply from 192.168.254.254: bytes=32 time<1ms TTL=63 Reply from 192.168.254.254: bytes=32 time<1ms TTL=63 Reply from 192.168.254.254: bytes=32 time<1ms TTL=63 Ping statistics for 192.168.254.254: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms C:\>

What is the gateway address to eagle-server.example.com?

____________________________________________________________________________

Step 2: Delete a route from the Windows computer routing table.

How important is the default gateway route? Delete the gateway route, and try to ping Eagle Server. The syntax to remove the default gateway route is:

route DELETE network C:/> route DELETE 0.0.0.0

Examine the active routing table and verify that the default gateway route has been removed:

What is the default gateway IP address?

____________________________________________________________________________

Try to ping Eagle Server. What are the results?

____________________________________________________________________________

Page 100: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.2: Examining a Route

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 110 of 247

If the default gateway IP address is removed, how can the DNS server be reached to resolve eagle-server.example.com?

Can other LAN devices be reached, such as 172.16.255.254?

____________________________________________________________________________

Step 3: Insert a route into the Windows computer routing table.

In the following configuration, use the IP address assigned to your host pod interface. The syntax to add a route to the Windows computer routing table is:

route ADD network MASK mask gateway-IP address C:/> route ADD 0.0.0.0 MASK 0.0.0.0 172.16.255.T254

Examine the active routing table, and verify that the default gateway route has been restored:

Has the default gateway route been restored? __________:

Try to ping Eagle Server. What are the results?

____________________________________________________________________________

Task 2: Use a Windows Telnet Client Command telnet to Connect to a Cisco Router.

In this task, you will telnet into the R2-Central router and use common IOS commands to examine the router routing table. Cisco devices have a Telnet server and, if properly configured, will permit remote logins. Access to the router is restricted, however, and requires a username and password. The password for all usernames is cisco. The username depends on the pod. Username ccna1 is for users on pod 1 computer, ccna2 is for students on pod 2 computers, and so on.

Step 1: Using the Windows Telnet client, log in to a Cisco router.

Open a terminal window by clicking Start > Run. Type cmd, and click OK. A terminal window and prompt should be available. The Telnet utility has several options and can be viewed with the telnet /? command. A username and password will be required to log in to the router. For all usernames, the corresponding password is cisco.

Pod

Number

Username

1 ccna1

2 ccna2

3 ccna3

4 ccna4

5 ccna5

6 ccna6

7 ccna7

Page 101: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.2: Examining a Route

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 111 of 247

Pod

Number

Username

8 ccna8

9 Ccna9

10 ccna10

11 ccna11

To start a Telnet session with router R2-central, type the command:

C:/> telnet 172.16.255.254 <ENTER>

A login window will prompt for a username, as shown below. Enter the applicable username, and press <ENTER>. Enter the password, cisco, and press <ENTER>. The router prompt should be visible after a successful login.

***************************************************************** This is Eagle 1 lab router R2-Central. Authorized access only. ***************************************************************** User Access Verification Username: ccna1 Password: cisco (hidden) R2-Central#

At the prompt, R2-Central#, a successful Telnet login has been created. Only limited permissions for ccnax usernames are available; therefore, it is not possible to modify router settings or view the configuration. The purpose of this task was to establish a Telnet session, which has been accomplished. In the next task, the router routing table will be examined.

Task 3: Examine Router Routes using Basic Cisco IOS Commands.

As with any network device, gateway addresses instruct the device about how to reach other networks when no other information is available. Similar to the host computer default gateway IP address, a router may also employ a default gateway. Also similar to a host computer, a router is knowledgeable about directly connected networks.

This task will not examine Cisco IOS commands in detail but will use a common IOS command to view the routing table. The syntax to view the routing table is:

show ip route <ENTER>

Step 1: Enter the command to display the router routing table.

The route information displayed is much more detailed than the route information on a host computer. This is to be expected, because the job of a router is to route traffic between networks.

Page 102: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.2: Examining a Route

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 112 of 247

The information required of this task, however, is not difficult to glean. Figure 2 shows the routing table for R2-Central.

R2-Central#show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area,* - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is 10.10.10.6 to network 0.0.0.0 C 172.16.0.0/16 is directly connected, FastEthernet0/0 10.0.0.0/30 is subnetted, 1 subnets C 10.10.10.4 is directly connected, Serial0/1/0 S* 0.0.0.0/0 [1/0] via 10.10.10.6 R2-Central#

Figure 2. Output of the Cisco IOS show ip route Command

The Codes section shown in Figure 3 provides an explanation for the symbols to the left of each route entry.

R2-Central#show ip route Codes: �C - connected, �S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, �* - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route �Gateway of last resort is 10.10.10.6 to network 0.0.0.0 �C 172.16.0.0/16 is directly connected, FastEthernet0/0 10.0.0.0/30 is subnetted, 1 subnets �C 10.10.10.4 is directly connected, Serial0/1/0 ��S* 0.0.0.0/0 [1/0] via 10.10.10.6 R2-Central#

Figure 3. Explanation of Codes

� C denotes directly connected networks and the interface that supports the connection. � S denotes a static route, which is manually entered by the Cisco network engineer. � Because the route is ”quad-zero,” it is a candidate default route.

Page 103: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.2: Examining a Route

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 113 of 247

� If there is no other route in the routing table, use this gateway of last resort IP address to forward packets.

How is IP mask information displayed in a router routing table?

____________________________________________________________________________

____________________________________________________________________________

What would the router do with packets destined to 192.168.254.254?

____________________________________________________________________________

____________________________________________________________________________

When finished examining the routing table, exit the router with the command exit <ENTER>.

The telnet client will also close the connection with the telnet escape sequence <CTRL> ] and quit. Close the terminal window.

Task 4: Reflection

Two new Windows commands were used in this lab. The route command was used to view, delete, and add route information on the pod host computer.

The Windows Telnet client, telnet, was used to connect to a lab router, R2-Central. This technique will be used in other labs to connect to Cisco network devices.

The router routing table was examined with the Cisco IOS command show ip route. Routes for directly connected networks, statically assigned routes, and gateway of last resort information are displayed.

Task 5: Challenge

Other Cisco IOS commands can be used to view IP address information on a router. Similar to the Windows ipconfig command, the Cisco IOS command show ip interface brief will display IP address assignments.

R2-Central#show ip interface brief Interface IP-Address OK? Method Status Protocol FastEthernet0/0 172.16.255.254 YES manual up up FastEthernet0/1 unassigned YES unset administratively down down Serial0/2/0 10.10.10.5 YES manual up up Serial0/2/1 unassigned YES unset administratively down down R2-Central#

Using Windows commands and the Cisco IOS commands in this lab, compare network information output. What was missing? What critical network information was similar?

Page 104: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.2: Examining a Route

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 114 of 247

____________________________________________________________________________

____________________________________________________________________________

Task 6: Clean Up

Unless directed otherwise by the instructor, turn off power to the host computers. Remove anything that was brought into the lab, and leave the room ready for the next class.

Page 105: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.3: Ping and Traceroute

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 115 of 247

9BLab 6.3: Ping and Traceroute

77BTopology Diagram

79BLearning Objectives

Upon completion of this lab, you will be able to:

• Use the ping command to verify simple TCP/IP network connectivity.

• Use the tracert/traceroute command to verify TCP/IP connectivity.

80BBackground

Two tools that are indispensable when testing TCP/IP network connectivity are ping and tracert. The ping utility is available on Windows, Linux, and Cisco IOS, and tests network connectivity. The tracert utility is available on Windows, and a similar utility, traceroute, is available on Linux and Cisco IOS. In addition to testing for connectivity, tracert can be used to check for network latency.

For example, when a web browser fails to connect to a web server, the problem can be anywhere between client and the server. A network engineer may use the ping command to test for local network connectivity or connections where there are few devices. In a complex network, the tracert command would be used. Where to begin connectivity tests has been the subject of much debate; it usually depends on the experience of the network engineer and familiarity with the network.

The Internet Control Message Protocol (ICMP) is used by both ping and tracert to send messages between devices. ICMP is a TCP/IP Network layer protocol, first defined in RFC 792, September, 1981. ICMP message types were later expanded in RFC 1700.

81BScenario

In this lab, the ping and tracert commands will be examined, and command options will be used to modify the command behavior. To familiarize the students with the use of the commands, devices in the Cisco lab will be tested.

Measured delay time will probably be less than those on a production network. This is because there is little network traffic in the Eagle 1 lab.

Page 106: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.3: Ping and Traceroute

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 116 of 247

Task 1: Use the ping Command to Verify Simple TCP/IP Network Connectivity.

The ping command is used to verify TCP/IP Network layer connectivity on the local host computer or another device in the network. The command can be used with a destination IP address or qualified name, such as eagle-server.example.com, to test domain name services (DNS) functionality. For this lab, only IP addresses will be used.

The ping operation is straightforward. The source computer sends an ICMP echo request to the destination. The destination responds with an echo reply. If there is a break between the source and destination, a router may respond with an ICMP message that the host is unknown or the destination network is unknown.

Step 1: Verify TCP/IP Network layer connectivity on the local host computer.

C:\> ipconfig Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : IP Address. . . . . . . . . . . . : 172.16.1.2 Subnet Mask . . . . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . . . . : 172.16.255.254 C:\>

Figure 1. Local TCP/IP Network Information

1. Open a Windows terminal and determine IP address of the pod host computer with the ipconfig command, as shown in Figure 1.

The output should look the same except for the IP address. Each pod host computer should have the same network mask and default gateway address; only the IP address may differ. If the information is missing or if the subnet mask and default gateway are different, reconfigure the TCP/IP settings to match the settings for this pod host computer.

2. Record information about local TCP/IP network information:

TCP/IP

Information

Value

IP Address

Subnet Mask

Default Gateway

Page 107: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.3: Ping and Traceroute

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 117 of 247

Figure 2. Output of the ping Command on the Local TCP/IP Stack

3. Use the ping command to verify TCP/IP Network layer connectivity on the local host computer.

By default, four ping requests are sent to the destination and reply information is received. Output should look similar to that shown in Figure 2.

� Destination address, set to the IP address for the local computer.

� Reply information:

bytes—size of the ICMP packet.

time—elapsed time between transmission and reply.

TTL—default TTL value of the DESTINATION device, minus the number of routers in the path. The maximum TTL value is 255, and for newer Windows machines the default value is 128.

� Summary information about the replies:

� Packets Sent—number of packets transmitted. By default, four packets are sent.

���� Packets Received—number of packets received.

���� Packets Lost —difference between number of packets sent and received.

���� Information about the delay in replies, measured in milliseconds. Lower round trip times indicate faster links. A computer timer is set to 10 milliseconds. Values faster than 10 milliseconds will display 0.

4. Fill in the results of the ping command on your computer:

Field Value

Size of packet

Number of packets sent

Number of replies

Number of lost packets

Minimum delay

Maximum delay

Average delay

Page 108: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.3: Ping and Traceroute

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 118 of 247

Step 2: Verify TCP/IP Network layer connectivity on the LAN.

C:\> ping 172.16.255.254 Pinging 172.16.255.254 with 32 bytes of data: Reply from 172.16.255.254: bytes=32 time=1ms TTL=255 Reply from 172.16.255.254: bytes=32 time<1ms TTL=255 Reply from 172.16.255.254: bytes=32 time<1ms TTL=255 Reply from 172.16.255.254: bytes=32 time<1ms TTL=255 Ping statistics for 172.16.255.254: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 1ms, Average = 0ms C:\>

Figure 3. Output of the ping Command to the Default Gateway

1. Use the ping command to verify TCP/IP Network layer connectivity to the default gateway. Results should be similar to those shown in Figure 3.

Cisco IOS default TTL value is set to 255. Because the datagrams did not travel through a router, the TTL value returned is 255.

2. Fill in the results of the ping command to the default Gateway:

Field Value

Size of packet

Number of packets sent

Number of replies

Number of lost packets

Minimum delay

Maximum delay

Average delay

What would be the result of a loss of connectivity to the default gateway?

______________________________________________________________________________

Step 3: Verify TCP/IP Network layer connectivity to a remote network.

C:\> ping 192.168.254.254 Pinging 192.168.254.254 with 32 bytes of data: Reply from 192.168.254.254: bytes=32 time<1ms TTL=62 Reply from 192.168.254.254: bytes=32 time<1ms TTL=62 Reply from 192.168.254.254: bytes=32 time<1ms TTL=62 Reply from 192.168.254.254: bytes=32 time<1ms TTL=62 Ping statistics for 192.168.254.254: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms

Page 109: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.3: Ping and Traceroute

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 119 of 247

C:\>

Figure 4. Output of the ping Command to Eagle Server

1. Use the ping command to verify TCP/IP Network layer connectivity to a device on a remote network. In this case, Eagle Server will be used. Results should be similar to those shown in Figure 4.

Linux default TTL value is set to 64. Since the datagrams traveled through two routers to reach Eagle Server, the returned TTL value is 62.

2. Fill in the results of the ping command on your computer:

Field Value

Size of packet

Number of packets sent

Number of replies

Number of lost packets

Minimum delay

Maximum delay

Average delay

C:\ > ping 192.168.254.254 Pinging 192.168.254.254 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 192.168.254.254: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), C:\>

Figure 5. Output of a ping Command with Lost Packets

The ping command is extremely useful when troubleshooting network connectivity. However, there are limitations. In Figure 5, the output shows that a user cannot reach Eagle Server. Is the problem with Eagle Server or a device in the path? The tracert command, examined next, can display network latency and path information.

Page 110: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.3: Ping and Traceroute

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 120 of 247

Task 2: Use the tracert Command to Verify TCP/IP Connectivity.

The tracert command is useful for learning about network latency and path information. Instead of using the ping command to test connectivity of each device to the destination, one by one, the tracert command can be used.

On Linux and Cisco IOS devices, the equivalent command is traceroute.

Step 1: Verify TCP/IP Network layer connectivity with the tracert command.

1. Open a Windows terminal and issue the following command:

C:\> tracert 192.168.254.254

C:\> tracert 192.168.254.254 Tracing route to 192.168.254.254 over a maximum of 30 hops 1 <1 ms <1 ms <1 ms 172.16.255.254 2 <1 ms <1 ms <1 ms 10.10.10.6 3 <1 ms <1 ms <1 ms 192.168.254.254 Trace complete. C:\>

Figure 6. Output of the tracrt command to Eagle Server.

Output from the tracert command should be similar to that shown in Figure 6.

2. Record your result in the following table:

Field Value

Maximum number of hops

First router IP address

Second router IP address

Destination reached?

Step 2: Observe tracert output to a host that lost network connectivity.

If there is a loss of connectivity to an end device such as Eagle Server, the tracert command can give valuable clues as to the source of the problem. The ping command would show the failure but not any other kind of information about the devices in the path. Referring to the Eagle 1 lab Topology Diagram, both R2-Central and R1-ISP are used for connectivity between the pod host computers and Eagle Server.

C:\> tracert -w 5 -h 4 192.168.254.254 Tracing route to 192.168.254.254 over a maximum of 4 hops 1 <1 ms <1 ms <1 ms 172.16.255.254 2 <1 ms <1 ms <1 ms 10.10.10.6 3 * * * Request timed out. 4 * * * Request timed out. Trace complete. C:\>

Page 111: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.3: Ping and Traceroute

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 121 of 247

Figure 7. Output of the tracert Command

Refer to Figure 7. Options are used with the tracert command to reduce wait time (in milliseconds), -w 5, and maximum hop count, -h 4. If Eagle Server was disconnected from the network, the default gateway would respond correctly, as well as R1-ISP. The problem must be on the 192.168.254.0/24 network. In this example, Eagle Server has been turned off.

What would the tracert output be if R1-ISP failed?

What would the tracert output be if R2-Central failed?

______________________________________________________________________________

Task 3: Challenge

The default values for the ping command normally work for most troubleshooting scenarios. There are times, however, when fine tuning ping options may be useful. Issuing the ping command without any destination address will display the options shown in Figure 8:

C:\> ping Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [[-j host-list] | [-k host-list]] [-w timeout] target_name Options: -t Ping the specified host until stopped. To see statistics and continue - type Control-Break; To stop - type Control-C. -a Resolve addresses to hostnames. -n count Number of echo requests to send. -l size Send buffer size. -f Set Don't Fragment flag in packet. -i TTL Time To Live. -v TOS Type Of Service. -r count Record route for count hops. -s count Timestamp for count hops. -j host-list Loose source route along host-list. -k host-list Strict source route along host-list. -w timeout Timeout in milliseconds to wait for each reply. C:\>

Figure 8. Output of a ping Command with no Destination Address

The most useful options are highlighted in yellow. Some options do not work together, such as the –t and –n options. Other options can be used together. Experiment with the following options:

Page 112: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.3: Ping and Traceroute

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 122 of 247

To ping the destination address until stopped, use the –t option. To stop, press <CTRL> C:

C:\> ping –t 192.168.254.254 Pinging 192.168.254.254 with 32 bytes of data: Reply from 192.168.254.254: bytes=32 time<1ms TTL=63 Reply from 192.168.254.254: bytes=32 time<1ms TTL=63 Reply from 192.168.254.254: bytes=32 time<1ms TTL=63 Reply from 192.168.254.254: bytes=32 time<1ms TTL=63 Reply from 192.168.254.254: bytes=32 time<1ms TTL=63 Reply from 192.168.254.254: bytes=32 time<1ms TTL=63 Ping statistics for 192.168.254.254: Packets: Sent = 6, Received = 6, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms Control-C ^C C:\>

Figure 9. Output of a ping Command using the –t Option

To ping the destination once, and record router hops, use the –n and –r options, as shown in Figure 10. Note: Not all devices will honor the –r option.

C:\> ping -n 1 –r 9 192.168.254.254 Pinging 192.168.254.254 with 32 bytes of data: Reply from 192.168.254.254: bytes=32 time=1ms TTL=63 Route: 10.10.10.5 -> 192.168.254.253 -> 192.168.254.254 -> 10.10.10.6 -> 172.16.255.254 Ping statistics for 192.168.254.254: Packets: Sent = 1, Received = 1, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 1ms, Average = 1ms C:\>

Figure 10. Output of a ping Command using the –n and –r Options

Task 4: Reflection

Both ping and tracert are used by network engineers to test network connectivity. For basic network connectivity, the ping command works best. To test latency and the network path, the tracert command is preferred.

The ability to accurately and quickly diagnose network connectivity issues is a skill expected from a network engineer. Knowledge about the TCP/IP protocols and practice with troubleshooting commands will build that skill.

Page 113: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.3: Ping and Traceroute

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 123 of 247

Task 5: Clean Up

Unless directed otherwise by the instructor, turn off power to the host computers. Remove anything that was brought into the lab, and leave the room ready for the next class.

Page 114: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.4: Examining ICMP Packets

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 124 of 247

10BLab 6.4: Examining ICMP Packets

82BTopology Diagram

84BLearning Objectives

Upon completion of this lab, you will be able to:

• Understand the format of ICMP packets.

• Use Wireshark to capture and examine ICMP messages.

85BBackground

The Internet Control Message Protocol (ICMP) was first defined in RFC 792, September, 1981. ICMP message types were later expanded in RFC 1700. ICMP operates at the TCP/IP Network layer and is used to exchange information between devices.

ICMP packets serve many uses in today’s computer network. When a router cannot deliver a packet to a destination network or host, an informational message is returned to the source. Also, the ping and tracert commands send ICMP messages to destinations, and destinations respond with ICMP messages.

86BScenario

Using the Eagle 1 Lab, Wireshark captures will be made of ICMP packets between network devices.

Task 1: Understand the Format of ICMP Packets.

Figure 1. ICMP Message Header

Refer to Figure 1, the ICMP header fields common to all ICMP message types. Each ICMP message starts with an 8-bit Type field, an 8-bit Code field, and a computed 16-bit Checksum. The ICMP message type describes the remaining ICMP fields. The table in Figure 2 shows ICMP message types from RFC 792:

Page 115: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.4: Examining ICMP Packets

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 125 of 247

Value Meaning

0 Echo Reply

3 Destination Unreachable

4 Source Quench

5 Redirect

8 Echo

11 Time Exceeded

12 Parameter Problem

13 Timestamp

14 Timestamp Reply

15 Information Request

16 Information Reply

Figure 2. ICMP Message Types

Codes provide additional information to the Type field. For example, if the Type field is 3, destination unreachable, additional information about the problem is returned in the Code field. The table in Figure 3 shows message codes for an ICMP Type 3 message, destination unreachable, from RFC 1700:

Code

Value

Meaning

0 Net Unreachable

1 Host Unreachable

2 Protocol Unreachable

3 Port Unreachable

4 Fragmentation Needed and Don't Fragment was Set

5 Source Route Failed

6 Destination Network Unknown

7 Destination Host Unknown

8 Source Host Isolated

9 Communication with Destination Network is Administratively Prohibited

10 Communication with Destination Host is Administratively Prohibited

11 Destination Network Unreachable for Type of Service

12 Destination Host Unreachable for Type of Service

Figure 3. ICMP Type 3 Message Codes

Page 116: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.4: Examining ICMP Packets

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 126 of 247

Using ICMP message capture shown in Figure 4, fill in the fields for the ICMP packet echo request. Values beginning with 0x are hexadecimal numbers:

Figure 4. ICMP Packet Echo Request

Using the ICMP message capture shown in Figure 5, fill in the fields for the ICMP packet echo reply:

Figure 5. ICMP Packet Echo Reply

At the TCP/IP Network layer, communication between devices is not guaranteed. However, ICMP does provide minimal checks for a reply to match the request. From the information provided in the ICMP messages above, how does the sender know that the reply is to a specific echo?

______________________________________________________________________________

______________________________________________________________________________

Task 2: Use Wireshark to Capture and Examine ICMP Messages.

Page 117: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.4: Examining ICMP Packets

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 127 of 247

Figure 6. Wireshark Download Site

If Wireshark has not been loaded on the pod host computer, it can be downloaded from Eagle Server.

1. Open a web browser, URL HTUFTP://eagle-server.example.com/pub/eagle_labs/eagle1/chapter6UTH, as shown in Figure 6.

2. Right-click the Wireshark filename, click Save Link As, and save the file to the pod host computer.

3. When the file has been downloaded, open and install Wireshark.

Step 1: Capture and evaluate ICMP echo messages to Eagle Server.

In this step, Wireshark will be used to examine ICMP echo messages.

1. Open a Windows terminal on the pod host computer.

2. When ready, start Wireshark capture.

C:\> ping eagle-server.example.com Pinging eagle-server.example.com [192.168.254.254] with 32 bytes of data: Reply from 192.168.254.254: bytes=32 time<1ms TTL=63 Reply from 192.168.254.254: bytes=32 time<1ms TTL=63 Reply from 192.168.254.254: bytes=32 time<1ms TTL=63 Reply from 192.168.254.254: bytes=32 time<1ms TTL=63 Ping statistics for 192.168.254.254: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms C:\>

Figure 7. Successful ping Replies from Eagle Server

3. From the Windows terminal, ping Eagle Server. Four successful replies should be received from Eagle Server, as shown in Figure 7.

4. Stop Wireshark capture. There should be a total of four ICMP echo requests and matching echo replies, similar to those shown in Figure 8.

Page 118: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.4: Examining ICMP Packets

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 128 of 247

Figure 8. Wireshark Capture of ping Requests and Replies

Which network device responds to the ICMP echo request? _____________________________

5. Expand the middle window in Wireshark, and expand the Internet Control Message Protocol record until all fields are visible. The bottom window will also be needed to examine the Data field.

6. Record information from the first echo request packet to Eagle Server:

Field Value

Type

Code

Checksum

Identifier

Sequence number

Data

Are there 32 bytes of data? _____

7. Record information from the first echo reply packet from Eagle Server:

Field Value

Type

Code

Checksum

Identifier

Sequence number

Data

Which fields, if any, changed from the echo request?_______________________________________________________________________

8. Continue to evaluate the remaining echo requests and replies. Fill in the following information from each new ping:

Packet Checksum Identifier Sequence number

Page 119: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.4: Examining ICMP Packets

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 129 of 247

Request # 2

Reply # 2

Request # 3

Reply # 3

Request # 4

Reply # 4

Why did the Checksum values change with each new request?

______________________________________________________________________________

Step 2: Capture and evaluate ICMP echo messages to 192.168.253.1.

In this step, pings will be sent to a fictitious network and host. The results from the Wireshark capture will be evaluated—and may be surprising.

Try to ping IP address 192.168.253.1.

C:\> ping 192.168.253.1 Pinging 192.168.253.1 with 32 bytes of data: Reply from 172.16.255.254: Destination host unreachable. Reply from 172.16.255.254: Destination host unreachable. Reply from 172.16.255.254: Destination host unreachable. Reply from 172.16.255.254: Destination host unreachable. Ping statistics for 192.168.253.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms C:\>

Figure 9. Ping Results from a Fictitious Destination

See Figure 9. Instead of a request timeout, there is an echo response.

What network device responds to pings to a fictitious destination?

______________________________________________________________________________

Figure 10. Wireshark Capture from a Fictitious Destination

Wireshark captures to a fictitious destination are shown in Figure 10. Expand the middle Wireshark window and the Internet Control Message Protocol record.

Which ICMP message type is used to return information to the sender?

______________________________________________________________________________

What is the code associated with the message type?

Page 120: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.4: Examining ICMP Packets

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 130 of 247

______________________________________________________________________________

Step 3: Capture and evaluate ICMP echo messages that exceed the TTL value.

In this step, pings will be sent with a low TTL value, simulating a destination that is unreachable. Ping Eagle Server, and set the TTL value to 1:

C:\> ping -i 1 192.168.254.254

Pinging 192.168.254.254 with 32 bytes of data: Reply from 172.16.255.254: TTL expired in transit. Reply from 172.16.255.254: TTL expired in transit. Reply from 172.16.255.254: TTL expired in transit. Reply from 172.16.255.254: TTL expired in transit. Ping statistics for 192.168.254.254: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms C:\>

Figure 11. Ping Results for an Exceeded TTL

See Figure 11, which shows ping replies when the TTL value has been exceeded.

What network device responds to pings that exceed the TTL value?

______________________________________________________________________________

Figure 12. Wireshark Capture of TTL Value Exceeded

Wireshark captures to a fictitious destination are shown in Figure 12. Expand the middle Wireshark window and the Internet Control Message Protocol record.

Which ICMP message type is used to return information to the sender?

______________________________________________________________________________

What is the code associated with the message type?

______________________________________________________________________________

Which network device is responsible for decrementing the TTL value?

______________________________________________________________________________

Task 3: Challenge

Use Wireshark to capture a tracert session to Eagle Server and then to 192.168.254.251. Examine the ICMP TTL exceeded message. This will demonstrate how the tracert command traces the network path to the destination.

Page 121: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 6.4: Examining ICMP Packets

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 131 of 247

Task 4: Reflection

The ICMP protocol is very useful when troubleshooting network connectivity issues. Without ICMP messages, a sender has no way to tell why a destination connection failed. Using the ping command, different ICMP message type values were captured and evaluated.

Task 5: Clean Up

Wireshark may have been loaded on the pod host computer. If the program must be removed, click Start > Control Panel > Add or Remove Programs, and scroll down to Wireshark. Click the filename, click Remove, and follow uninstall instructions.

Remove any Wireshark pcap files that were created on the pod host computer.

Unless directed otherwise by the instructor, turn off power to the host computers. Remove anything that was brought into the lab, and leave the room ready for the next class.

Page 122: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 7: Data Link & Physical Layer Examination

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 132 of 247

11B

Lab 7

Data Link & Physical Layer Examination

Page 123: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 7.1: Frame Examination

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 133 of 247

Lab 7.1: Frame Examination

97BTopology Diagram

99BLearning Objectives

Upon completion of this lab, you will be able to:

• Explain the header fields in an Ethernet II frame.

• Use Wireshark to capture and analyze Ethernet II frames.

100BBackground

When upper layer protocols communicate with each other, data flows down the OSI layers and is encapsulated into a Layer 2 frame. The frame composition is dependent on the media access type. For example, if the upper layer protocol is TCP/IP and the media access is Ethernet, then the Layer 2 frame encapsulation will be Ethernet II.

When learning about Layer 2 concepts, it is helpful to analyze frame header information. The Ethernet II frame header will be examined in this lab. Ethernet II frames can support various upper layer protocols, such as TCP/IP.

101BScenario

Wireshark will be used to capture and analyze Ethernet II frame header fields. If Wireshark has not been loaded on the host pod computer, it can be downloaded from URL HTUftp://eagle-server.example.com/pub/eagle_labs/eagle1/chapter7/UTH, file wireshark-setup-0.99.4.exe.

The Windows ping command will be used to generate network traffic for Wireshark to capture.

Task 1: Explain the Header Fields in an Ethernet II Frame.

The format for an Ethernet II frame is shown in Figure 1.

Figure 1. Ethernet II Frame Format

Page 124: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 7.1: Frame Examination

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 134 of 247

Figure 2. Wireshark Capture of the ping Command

In Figure 2, the Panel List window shows a Wireshark capture of the ping command between a pod host computer and Eagle Server. The session begins with the ARP protocol querying for the MAC address of the Gateway router, followed by a DNS query. Finally, the ping command issues echo requests.

In Figure 2, the Packet Details window shows Frame 1 detail information. Using this window, the following Ethernet II frame information can be obtained:

Field Value Description

Preamble Not shown in capture.

This field contains synchronizing bits, processed by the NIC hardware.

Destination Address

ff:ff:ff:ff:ff:ff

Source Address 00:16:76:ac:a7:6a

Layer 2 addresses for the frame. Each address is 48 bits long, or 6 bytes, expressed as 12 hexadecimal digits, 0-9,A-F. A common format is 12:34:56:78:9A:BC. The first six hex numbers indicate the manufacturer of the network interface card (NIC). Refer to HTUhttp://www.neotechcc.org/forum/macid.htmUTH for a list of vendor codes. The last six hex digits, ac:a7:6a, are the serial number of the NIC. The destination address may be a broadcast which contains all 1s or unicast. The source address is always unicast.

Frame Type 0x0806 For Ethernet II frames, this field contains a hexadecimal value that is used to indicate the type of upper layer protocol in the data field. There are numerous upper layer protocols supported by Ethernet II. Two

Page 125: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 7.1: Frame Examination

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 135 of 247

Field Value Description

common frame types are: Value Description 0x0800 IPv4 Protocol 0x0806 Address resolution

protocol (ARP)

Data ARP Contains the encapsulated upper level protocol. The data field is between 46 – 1500 bytes.

FCS Not shown in capture.

Frame Check Sequence, used by the NIC to identify errors during transmission. The value is computed by the sending machine, encompassing frame addresses, type, and data field. It is verified by the receiver.

What is the significance of all 1s in the destination address field?

______________________________________________________________________________ ______________________________________________________________________________

From the information contained in the Packet List window for the first frame, answer the following questions about the destination and source MAC address:

Destination Address:

MAC address: ____________________

NIC manufacturer: ____________________

NIC serial number: ____________________

Source Address:

MAC address: ____________________

NIC manufacturer: ____________________

NIC serial number: ____________________

From the information contained in the Packet List window for the second frame, answer the following questions about the destination and source MAC address:

Destination Address:

MAC address: ____________________

NIC manufacturer: ____________________

NIC serial number: ____________________

Source Address:

MAC address: ____________________

NIC manufacturer: ____________________

Page 126: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 7.1: Frame Examination

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 136 of 247

NIC serial number: ____________________

Figure 3. Frame 3 Fields

Figure 3 contains an exploded view of the Frame 3 Wireshark capture. Use the information to complete the following table:

Field Value

Preamble

Destination Address

Source Address

Frame Type

Data

FCS

In the following task, Wireshark will be used to capture and analyze packets captured on the pod host computer.

Task 2: Use Wireshark to Capture and Analyze Ethernet II Frames.

Step 1: Configure Wireshark for packet captures.

Prepare Wireshark for captures. Click Capture > Interfaces, and then click the start button that corresponds to the 172.16.x.y interface IP address. This will begin the packet capture.

Step 2: Start a ping to Eagle Server and capture the session.

Open a Windows terminal window. Click Start > Run, type cmd, and click OK.

Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp.

C:\> ping eagle-server.example.com

Pinging eagle-server.example.com [192.168.254.254] with 32 bytes of data:

Reply from 192.168.254.254: bytes=32 time<1ms TTL=62 Reply from 192.168.254.254: bytes=32 time<1ms TTL=62 Reply from 192.168.254.254: bytes=32 time<1ms TTL=62 Reply from 192.168.254.254: bytes=32 time<1ms TTL=62

Ping statistics for 192.168.254.254: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds:

Page 127: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 7.1: Frame Examination

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 137 of 247

Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>

Figure 4. Ping to eagle-server.example.com

Ping eagle-server.example.com, as shown in Figure 4. When the command has finished execution, stop Wireshark captures.

Step 3: Analyze the Wireshark capture.

The Wireshark Packet List window should start with an ARP request and reply for the MAC address of the Gateway. Next, a DNS request is made for the IP address of eagle-server.example.com. Finally, the ping command is executed. Your capture should look similar to the one shown in Figure 2.

Use your Wireshark capture of the ping command to answer the following questions:

Pod computer MAC address information:

MAC address: ____________________

NIC manufacturer: ____________________

NIC serial number: ____________________

R2-Central MAC address information:

MAC address: ____________________

NIC manufacturer: ____________________

NIC serial number: ____________________

A student from another school would like to know the MAC address for Eagle Server. What would you tell the student?

What is the Ethernet II frame type value for an ARP Request? ____________________

What is the Ethernet II frame type value for an ARP Reply? ____________________

What is the Ethernet II frame type value for a DNS query? ____________________

What is the Ethernet II frame type value for a DNS query response? ____________________

What is the Ethernet II frame type value for an ICMP echo? ____________________

What is the Ethernet II frame type value for an ICMP echo reply? ____________________

Task 3: Challenge

Use Wireshark to capture sessions from other TCP/IP protocols, such as FTP and HTTP. Analyze the captured packets, and verify that the Ethernet II frame type remains 0x0800.

Page 128: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 7.1: Frame Examination

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 138 of 247

Task 4: Reflection

In this lab, Ethernet II frame header information was examined. A preamble field contains seven bytes of alternating 0101 sequences, and one byte that signals the beginning of the frame, 01010110. Destination and source MAC addresses each contain 12 hex digits. The first six hex digits contain the manufacturer of the NIC, and the last six hex digits contain the NIC serial number. If the frame is a broadcast, the destination MAC address contains all 1s. A 4-byte frame type field contains a value that indicates the protocol in the data field. For IPv4, the value is 0x0800. The data field is variable and contains the encapsulated upper layer protocol. At the end of a frame, a 4-byte FCS value is used to verify that there were no errors during transmission.

Task 5: Clean Up

Wireshark was installed on the pod host computer. If Wireshark needs to be uninstalled, click Start > Control Panel. Open Add or Remove Programs. Highlight Wireshark, and click Remove.

Remove any files created on the pod host computer during the lab.

Unless directed otherwise by the instructor, turn off power to the host computers. Remove anything that was brought into the lab, and leave the room ready for the next class.

Page 129: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 7.2: Media Connectors

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 139 of 247

15BLab 7.2: Media Connectors

Typical Cable Meter

102BLearning Objectives

Upon completion of this lab, you will be able to:

• Test cables using a cable tester and a network multimeter

• Become familiar with the most common functions of a cable tester.

• Test different cables for type and wiring problems.

103BBackground

Category (CAT 5) unshielded twisted-pair (UTP) cables are wired according to function. End devices, such as routers and host computers, connect to switches with CAT 5 straight-through cables. When connected together, however, a CAT 5 crossover cable must be used. This is also true of switches. When connecting one switch to another, a CAT 5 crossover cable is used again.

Problems related to cables are one of the most common causes of network failure. Basic cable tests can be very helpful in troubleshooting cabling problems with UTP. The quality of cabling components used, the routing and installation of the cable, and quality of the connector terminations will be the main factors in determining how trouble-free the cabling will be.

The following resources are required:

• Good CAT 5 straight-through and crossover wired cables of different colors.

• Category 5 straight-through and crossover wired cables with open wire connections in the middle or one or more conductors shorted at one end that are different colors and different lengths.

• A cable meter.

• A network multimeter

Page 130: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 7.2: Media Connectors

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 140 of 247

TIA/EIA 568B is different from TIA/EIA 568A wiring. TIA/EIA 568A straight-through cables can be identified by the color coding. Similar to Figure 2, below, the right wiring diagram, starting with the green-white cable, will be identical on both ends.

104BScenario

First, you will visually determine whether the CAT 5 cable type is crossover or straight-through. Next, you will use the cable tester to verify the cable type, as well as common features available with the tester.

Finally, you will use the cable tester to test for bad cables that cannot be determined with a visual inspection.

Task 1: Become Familiar with the Most Common Functions of a Cable Tester.

TIA/EIA 568B CAT 5 UTPTIA/EIA 568B CAT 5 UTP

1 2 3 4 5 6 7 81 2 3 4 5 6 7 8 1 2 3 4 5 6 7 81 2 3 4 5 6 7 8

Straight ThroughStraight Through

CrossoverCrossover

TIA/EIA 568B CAT 5 UTPTIA/EIA 568B CAT 5 UTP

1 2 3 4 5 6 7 81 2 3 4 5 6 7 8 1 2 3 4 5 6 7 81 2 3 4 5 6 7 8

Figure 1. Straight-through Wire Location Figure 2. Crossover Wire Location

Figures 1 and 2 show the TIA/EIA 568B CAT 5 UTP wire positioning for a straight-through and crossover cable, respectively. When CAT 5 connectors are held together, wire color is a quick way to determine the cable type.

Step 1: Visually determine cable types.

There should be two numbered cables available. Perform a visual inspection of the cables and then fill out the chart below with the cable color, cable type, and use:

Cable

No. Cable

Color

Cable Type (straight-through or crossover)

Cable Use (Circle correct device)

1 Switch to: host / switch

2 Switch to: host / switch

It is now time to verify the cable type and learn about the common features of the cable tester.

Page 131: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 7.2: Media Connectors

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 141 of 247

Step 2: Perform initial configuration of the cable meter.

Place the cable meter in wire map mode. Refer to the instruction manual if necessary. The wire map function displays which pins on one end of the cable are connected to which pins on the other end.

Refer to the instruction manual and choose the appropriate options until the tester is set to the following cabling settings:

Tester Option Desired Setting – UTP CABLE: UTP

WIRING: 10BASE-T or EIA/TIA 4PR

CATEGORY: CATEGORY 5

WIRE SIZE AWG 24

CAL to CABLE? NO

BEEPING: ON or OFF

LCD CONTRAST

From 1 through 10 (brightest)

When satisfied with the correct settings, exit setup mode.

Step 3: Verify cable wire map.

Figure 3. Cable Coupler and Cable Identifier

Use the following procedure to test each cable with the LAN cable coupler and cable identifier, shown in Figure 3. The coupler and the cable identifier are accessories that come with many cable meters.

Place the near end of the cable into the RJ-45 jack labeled UTP/FTP on the tester. Place the RJ-45-RJ-45 female coupler on the far end of the cable, and then insert the cable identifier into the other side of the coupler.

The wiring of both the near and far end of the cable will be displayed. The top set of numbers displayed on the LCD screen refers to the near end, and the bottom set of numbers refers to the far end.

Perform a Wire Map test on each of the cables provided, and fill in the following table based on the results. For each cable, write down the number and color, and whether the cable is straight-through or crossover.

Cable

No. Cable

Color

Cable

Type (straight-through

or crossover)

1

2

Note any problems encountered during this test:

Page 132: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 7.2: Media Connectors

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 142 of 247

Step 4: Verify cable length.

Refer to the instruction manual to place the cable meter in the TEST mode. If power was cycled, repeat the setup steps described in Step 2. The tester LENGTH function displays the length of the cable.

Perform a basic cable test on each of the cables, and complete the following table based on the results. For each cable, write down the number and color, the cable length, the tester screen test results, and what the problem is, if there is a problem.

Cable

No. Cable

Color

Cable

Length

1

2

Note any problems encountered during this test:

Repeat these steps until you are comfortable with the use of the cable tester. In the next task, unknown cables will be tested.

Task 2: Test Different Cables for Type and Wiring Problems.

Obtain at least 5 different cables from your instructor. Move the rotary switch selector on the tester to the WIRE MAP position. If power was cycled, repeat the setup steps described in Task 1, Step 2.

Refer to the instructions to place the cable tester WIRE MAP function to perform a Wire Map test on each of the cables provided. Then fill in the following table based on the result for each Category 5 cable tested. For each cable, write down the number and color, whether the cable is straight-through or crossover, the tester screen test results, and any problem.

Cable

No. Cable Type (Visual inspection)

Cable Color Cable type (straight-through or crossover)

* Test

Results Problem

Description

1

2

3

4

5

* Refer to the product manual for detailed description of test results for wire map.

Page 133: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 7.2: Media Connectors

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 143 of 247

Task 3: Perform initial configuration of the network multimeter

Typical network multimeter

Step 1: Turn the network multimeter on.

Step 2: Turn it back off.

Step 3: Place both ends of the cable into the LAN and MAP ports or equivalent located on top of the network multimeter and turn it on.

If it is a correct straight-through cable then two parallel lines (as shown below) will appear on the upper left corner on the screen. Refer to the operating instructions if your multimeter does not display two parallel lines in this and the following steps.

If it is a correct crossover cable then two intersecting lines (as shown below) will appear on the upper left corner on the screen.

If it is a bad cable, will appear and details will be displayed below.

Page 134: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 7.2: Media Connectors

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 144 of 247

Open

Short

Split

Reversal

Unknown

Task 4: Verify Cable Length

Note: The instructions to test a cable are the same as determining cable length.

Step 1: Turn the network multimeter on.

Step 2: Turn it back off.

Step 3: Place both ends of the cable into the LAN and MAP ports located on top of the network multimeter and turn it on.

Step 4: Locate the length of the cable below the icon indicating the type of cable (as shown below).

Task 5: Reflection

Problems related to cables are one of the most common causes of network failure. Network technicians should be able to determine when to use CAT 5 UTP straight-through and crossover cables.

A cable tester is used to determine cable type, length, and wire map. In a lab environment, cables are constantly moved and reconnected. A properly functioning cable today may be broken tomorrow. This isn’t unusual, and is part of the learning process.

Task 6: Challenge

Look for opportunities to test other cables with the cable meter. Skills learned in this lab will enable you to quickly troubleshoot wrong cable types and broken cables.

Task 7: Clean Up

The cable tester is very expensive and should never be left unattended. Return the cable tester to the instructor when finished.

Ask the instructor where to return used cables. Store the cables neatly for the next class.

Page 135: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 7.3: Address Resolution Protocol (ARP)

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 145 of 247

16BLab 7.3: Address Resolution Protocol (ARP)

105BTopology Diagram

107BLearning Objectives

Upon completion of this lab, you will be able to:

• Use Windows arp command.

• Use Wireshark to examine ARP exchanges.

108BBackground

Address Resolution Protocol (ARP) is used by TCP/IP to map a Layer 3 IP address to a Layer 2 MAC address. When a frame is placed on the network, it must have a destination MAC address. To dynamically discover the MAC address to the destination device, an ARP request is broadcast on the LAN. The device that contains the destination IP address responds, and the MAC address is recorded in ARP cache. Every device on the LAN keeps its own ARP cache, or small area in RAM that holds ARP results. An ARP cache timer removes ARP entries that have not been used for a certain period of time. Depending on the device, times differ. For example, some Windows operating systems store ARP cache entries for 2 minutes. If the entry is used again during that time, the ARP timer for that entry is extended to 10 minutes.

ARP is an excellent example in performance tradeoff. With no cache, ARP must continually request address translations each time a frame is placed on the network. This adds latency to the communication and could congest the LAN. Conversely, unlimited hold times could cause errors with devices that leave the network or change the Layer 3 address.

A network engineer needs to be aware of ARP but may not interact with the protocol on a regular basis. ARP is a protocol that enables network devices to communicate with the TCP/IP protocol. Without ARP, there is no efficient method to build the datagram Layer 2 destination address. Also, ARP is a potential security risk. ARP spoofing, or ARP poisoning, is a technique used by an attacker to inject the wrong MAC address association in a network. An attacker forges the MAC address of a device, and frames are sent to the wrong destination. Manually configuring static ARP associations is one way to prevent ARP spoofing. Finally, an authorized MAC address list may be configured Cisco devices to restrict network access to only approved devices.

Page 136: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 7.3: Address Resolution Protocol (ARP)

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 146 of 247

109BScenario

With a pod host computer, use the Windows arp utility command to examine and change ARP cache entries.

In Task 2, Wireshark will be used to capture and analyze ARP exchanges between network devices. If Wireshark has not been loaded on the host pod computer, it can be downloaded from URL HTUftp://eagle-server.example.com/pub/eagle_labs/eagle1/chapter9/UTH, file wireshark-setup-0.99.4.exe.

Task 1: Use the Windows arp Command.

Step 1: Access the Windows terminal.

C:\> arp

Displays and modifies the IP-to-Physical address translation tables used by address resolution protocol (ARP). ARP -s inet_addr eth_addr [if_addr] ARP -d inet_addr [if_addr] ARP -a [inet_addr] [-N if_addr] -a Displays current ARP entries by interrogating the current protocol data.

If inet_addr is specified, the IP and Physical addresses for only the specified computer are displayed. If more than one network interface uses ARP, entries for each ARP table are displayed.

-g Same as -a. inet_addr Specifies an internet address. -N if_addr Displays the ARP entries for the network interface specified by if_addr. -d Deletes the host specified by inet_addr. inet_addr may be wildcarded

with * to delete all hosts. -s Adds the host and associates the Internet address inet_addr with the

Physical address eth_addr. The Physical address is given as 6 hexadecimal bytes separated by hyphens. The entry is permanent.

eth_addr Specifies a physical address. if_addr If present, this specifies the Internet address of the interface whose

address translation table should be modified. If not present, the first applicable interface will be used.

Example: > arp -s 157.55.85.212 00-aa-00-62-c6-09 .... Adds a static entry. > arp -a .... Displays the arp table. C:\>

Figure 1. arp Command Syntax

1. Open a Windows terminal by clicking Start > Run. Type cmd, and click OK. With no options, the arp command will display useful help information. See Figure 1.

2. Issue the arp command on the pod host computer, and examine the output.

3. Answer the following questions about the arp command:

Page 137: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 7.3: Address Resolution Protocol (ARP)

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 147 of 247

What command would be used to display all entries in ARP cache? ________________________________________

What command would be used to delete all ARP cache entries (flush ARP cache)? ________________________________________

What command would be used to delete the ARP cache entry for 172.16.255.254? ________________________________________

Step 2: Use the arp command to examine local ARP cache.

C:\> arp -a

No ARP Entries Found C:\>

Figure 2. Empty ARP Cache

Without any network communication, the ARP cache should be empty. This is shown in Figure 2.

Issue the command that displays ARP entries. What are the results?

______________________________________________________________________________

______________________________________________________________________________

Step 3: Use the ping command to dynamically add entries in the ARP cache.

The ping command can be used to test network connectivity. By accessing other devices, ARP associations are dynamically added to ARP cache.

C:\> ping 172.16.1.2 Pinging 172.16.1.2 with 32 bytes of data: Reply from 172.16.1.2: bytes=32 time<1ms TTL=128 Reply from 172.16.1.2: bytes=32 time<1ms TTL=128 Reply from 172.16.1.2: bytes=32 time<1ms TTL=128 Reply from 172.16.1.2: bytes=32 time<1ms TTL=128 Ping statistics for 172.16.1.2: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms C:\>

Figure 3. ping Command to a Pod Host Computer

1. Use the command ipconfig /all to verify the pod host computer’s Layer 2 and Layer 3 information.

2. Issue the ping command to another pod host computer, shown in Figure 3. Figure 4 shows the new ARP cache entry.

C:\> arp -a Interface: 172.16.1.1 --- 0x60004 Internet Address Physical Address Type

Page 138: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 7.3: Address Resolution Protocol (ARP)

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 148 of 247

172.16.1.2 00-10-a4-7b-01-5f dynamic C:\>

Figure 4. Display of ARP Cache

How was the ARP entry added to the ARP cache? Hint: review the Type column. ________________________________________

What is the physical address of the destination pod host computer? ________________________________________.

What is the physical address of the destination pod host computer?

IP Address Physical Address How

Discovered?

3. Do not send any traffic to the computer accessed previously. Wait between 2 and 3 minutes,

and check ARP cache again. Was the ARP cache entry cleared? __________

4. Issue the ping command to the Gateway, R2-Central. Examine ARP cache entry. What is the physical address of the Gateway? ________________________________________

IP Address Physical Address How Discovered?

Issue the ping command to Eagle Server, eagle-server.example.com. Examine ARP cache entry. What is the physical address of Eagle Server? ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________

Step 4: Manually adjust entries in the ARP cache.

To delete entries in ARP cache, issue the command arp –d {inet-addr | *}. Addresses can be deleted individually by specifying the IP address, or all entries can be deleted with the wildcard *.

Verify that the ARP cache contains two entries: one for the Gateway and one to the destination pod host computer. It may be easier to ping both devices more than once, which will retain the cache entry for approximately 10 minutes.

Page 139: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 7.3: Address Resolution Protocol (ARP)

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 149 of 247

C:\> arp –a

Interface: 172.16.1.1 --- 0x60004 Internet Address Physical Address Type 172.16.1.2 00-10-a4-7b-01-5f dynamic 172.16.255.254 00-0c-85-cf-66-40 dynamic C:\> C:\>arp -d 172.16.255.254 C:\> arp -a Interface: 172.16.1.1 --- 0x60004 Internet Address Physical Address Type 172.16.1.2 00-10-a4-7b-01-5f dynamic C:\>

Figure 5. Manually Removing an ARP Cache Entry

See Figure 5, which shows how to manually delete an ARP cache entry.

1. On your computer, first verify that the two entries are present. If not, ping the missing entry.

2. Next, delete the entry for the pod host computer.

3. Finally, verify your change.

4. Record the two ARP cache entries:

Device IP Address Physical Address How

Discovered?

Write the command that will delete the entry for the pod host computer: ______________________________________________________________________________

5. Issue the command on your pod host computer. Record the remaining ARP cache entry:

Device IP Address Physical Address How

Discovered?

6. Simulate removing all entries. Write the command that will delete all entries in ARP cache:

________________________________________

7. Issue the command on your pod host computer, and examine the ARP cache with the command arp -a. All entries should be removed.

________________________________________

8. Consider a secure environment where the Gateway controls access to a web server that contains Top Secret information. What is one layer of security that can be applied to ARP cache entries that could aid in countering ARP spoofing?

Page 140: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 7.3: Address Resolution Protocol (ARP)

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 150 of 247

________________________________________

9. Write the command that will add a static ARP entry for the Gateway to ARP cache:

________________________________________

10. Examine the ARP cache again, and fill in the following table:

IP Address Physical Address Type

For the next task, Wireshark will be used to capture and examine an ARP exchange. Do not close the Windows terminal—it will be used to view the ARP cache.

Task 2: Use Wireshark to Examine ARP Exchanges .

Step 1: Configure Wireshark for packet captures.

Prepare Wireshark for captures.

1. Click Capture > Options.

2. Select the Interface that corresponds to the LAN.

3. Check the box to Update list of packets in real time.

4. Click Start.

This will begin the packet capture.

Step 2: Prepare the pod host computer for ARP captures.

1. If not already completed, open a Windows terminal window by clicking Start > Run. Type cmd, and click OK.

2. Flush the ARP cache, which will require ARP to rediscover address maps. Write the command that you used:

________________________________________

Step 3: Capture and evaluate ARP communication.

In this step, one ping request will be sent to the Gateway, and one ping request will be sent to Eagle Server. Afterward, Wireshark capture will be stopped and the ARP communication evaluated.

1. Send one ping request to the Gateway, using the command ping –n 1 172.16.255.254.

2. Send one ping request to Eagle Server, using the command ping –n 1 192.168.254.254.

Page 141: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 7.3: Address Resolution Protocol (ARP)

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 151 of 247

Figure 6. Wireshark Capture of ARP Communication

3. Stop Wireshark and evaluate the communication. You should see a Wireshark screen similar to the screen shown in Figure 6. The Wireshark Packet list window displays the number of packets captured. The Packet Details Window shows ARP protocol contents.

4. Using your Wireshark capture, answer the following questions:

What was the first ARP packet? ________________________________________

What was the second ARP packet? ________________________________________

Fill in the following table with information about the first ARP packet:

Field Value

Sender MAC address

Sender IP address

Target MAC address

Target IP address

Fill in the following table with information about the second ARP packet:

Field Value

Sender MAC address

Sender IP address

Target MAC address

Target IP address

If the Ethernet II frame for an ARP request is a broadcast, why does the Target MAC address contain all 0s? _________________________________________________________________

Why was there no ARP request for the ping to Eagle Server?

________________________________________________________________________

________________________________________________________________________

Page 142: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 7.3: Address Resolution Protocol (ARP)

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 152 of 247

How long should the Gateway mapping be stored in ARP cache on the pod host computer? Why?

________________________________________________________________________

________________________________________________________________________

Task 3: Reflection

The ARP protocol maps Layer 3 IP addresses to Layer 2 MAC addresses. If a packet must move across networks, the Layer 2 MAC address changes with each hop across a router, but the Layer 3 address never changes.

ARP cache stores ARP address mappings. If the entry was learned dynamically, it will eventually be deleted from cache. If the entry was manually inserted in ARP cache, it is a static entry and will remain until the computer is turned off or the ARP cache is manually flushed.

Task 4: Challenge

Using outside resources, perform a search on ARP spoofing. Discuss several techniques used to counter this type of attack.

Most wireless routers support wireless network access. Using this technique, MAC addresses that are permitted access to the wireless network are manually added to the wireless router. Using outside resources, discuss the advantages of configuring wireless network access. Discuss ways that attackers can circumvent this security.

Task 5: Clean Up

Wireshark was installed on the pod host computer. If Wireshark needs to be uninstalled, click Start

> Control Panel. Open Add or Remove Programs. Highlight Wireshark, and click Remove.

Remove any files created on the pod host computer during the lab.

Unless directed otherwise by the instructor, turn off power to the host computers. Remove anything that was brought into the lab, and leave the room ready for the next class.

Page 143: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 8: Introducing: LAN & WAN

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 153 of 247

LAB 8

Introducing LAN & WAN

Page 144: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 8.1: Cisco Switch MAC Table Examination

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 154 of 247

Lab 8.1: Cisco Switch MAC Table Examination

110BTopology Diagram

112BLearning Objectives

Upon completion of this lab, you will be able to:

• Use the Telnet protocol to log into a Cisco Switch.

• Use the Cisco IOS show mac-address-table command to examine MAC address and port associations.

113BBackground

Switches maintain a table of MAC addresses and associated switch port. When a switch receives a frame, the destination MAC address is checked against the table, and the corresponding port is used to route the frame out of the switch. If a switch does not know which port to route the frame, or the frame is a broadcast, then the frame is routed out all ports except the port where it originated.

Access to Cisco devices can be accomplished through several means. A console port can be used if the Cisco router or switch is within the same physical proximity of a computer. Using Windows hyperterm utility, a serial connection can be established. For devices physically distant from the network engineer, network connectivity can be established through two means. If the network is not secure, a modem configured on the AUX port enables telephone access. For secure networks, the Cisco device can be configured for a Telnet session. In this lab, the student will connect to the switch via a Telnet session.

Lab

• Telnet to S1-Central.

• Log in with student account.

• Use show mac-address-table command to examine the mac addresses and association to ports.

114BScenario

Use the Cisco IOS show mac-address-table command to examine the switch MAC address table and other address-related information.

Page 145: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 8.1: Cisco Switch MAC Table Examination

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 155 of 247

Telnet is a network service that uses a client-server model. Cisco IOS devices provide a default Telnet server, and operating systems such as Windows have built-in Telnet clients. Using Telnet, network engineers can log into network devices from anywhere across a secure network. The Cisco device must be configured for Telnet access, otherwise it is denied. In Eagle 1, limited privileges have been configured for student use.

Task 1: Use the Telnet Protocol to Log in to a Cisco Switch.

Step 1: Access the Windows terminal.

Open a Windows terminal by clicking Start > Run. Type cmd, and click OK.

Step 2: Use the Windows Telnet client to access S1-Central.

S1-Central has been configured with 11 student accounts, ccna1 through ccna11. To provide access to each student, use the userid corresponding to your pod. For example, for host computers on pod 1, use userid ccna1. Unless directed otherwise by your instructor, the password is cisco.

1. From the Windows terminal, issue the Telnet command, telnet destination-ip-address:

C:/> telnet 172.16.254.1

An access prompt will be displayed, similar to the one shown in Figure 1.

******************************************************************* This is Lab switch S1-Central. Authorized access only. ******************************************************************* User Access Verification Username: ccna1 Password: cisco (*hidden*) S1-Central#

Figure 1. Telnet Client

2. Enter the applicable user name. When the password prompt appears, type cisco <ENTER>. The S1-Central# prompt should appear.

Task 2: Use the Cisco IOS show mac-address-table Command to Examine MAC Addresses

and Port Associations.

Step 1: Examine the switch MAC address table.

1. Issue the command show mac-address-table ? <ENTER>. This will output all options for the command.

2. Use the following table to fill in the command options:

Option Description

Page 146: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 8.1: Cisco Switch MAC Table Examination

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 156 of 247

Step 2: Examine dynamic MAC address table entries.

1. Issue the command show mac-address-table.

This command will display static (CPU) and dynamic, or learned, entries.

2. List the MAC addresses and corresponding switch ports:

MAC Address Switch Port

Suppose there was a hub with five active hosts connected to switch port gi0/0. How many MAC addresses would be listed for switch port gi0/0? __________

Step 3: Examine MAC address table aging time.

1. Issue the command show mac-address-table aging-time. This command will display the default time, in seconds, that MAC address entries are stored.

2. What is the default aging time for VLAN 1? __________

Task 3: Challenge

What would be the result if the MAC address table was flushed of dynamic entries?

Page 147: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 8.1: Cisco Switch MAC Table Examination

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 157 of 247

______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________

Task 4: Reflection

Using the Telnet protocol, network engineers can access Cisco devices remotely across secure LANs. This has the benefit of permitting access to remote devices for troubleshooting and monitoring purposes.

A switch contains a MAC address table that lists the MAC address connected to each switch port. When a frame enters the switch, the switch performs a lookup of the frame destination MAC address. If there is a match in the MAC address table, the frame is routed out the corresponding port. Without a MAC address table, the switch would have to flood the frame out each port.

Task 5: Clean Up

Unless directed otherwise by the instructor, turn off power to the host computers. Remove anything that was brought into the lab, and leave the room ready for the next class.

Page 148: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 8.2: Intermediary Device as an End Device

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 158 of 247

18BLab 8.2: Intermediary Device as an End Device

115BTopology Diagram

117BLearning Objectives

Upon completion of this lab, you will be able to:

• Use Wireshark to capture and analyze frames originating from network nodes.

• Examine the origination of frames in a small network.

118BBackground

A switch is used to route frames between network devices. A switch does not normally originate the frame to node devices. Rather, a switch efficiently passes the frame from one device to another in the LAN.

119BScenario

Wireshark will be used to capture and analyze Ethernet frames. If Wireshark has not been loaded on the host pod computer, it can be downloaded from URL HTUftp://eagle-

server.example.com/pub/eagle_labs/eagle1/chapter9/UTH, file wireshark-setup-0.99.4.exe.

In this lab you will ping a neighbor’s pod host computer.

Write down the IP address and port connection on S1-Central for the neighbor’s pod host computer:

IP Address: _________________________________ S1-Central port number: ___________

Task 1: Use Wireshark to Capture and Analyze Frames Originating From Network Nodes.

Step 1: Configure Wireshark for packet captures.

Prepare Wireshark for captures.

1. Click Capture > Options.

2. Select the Interface that corresponds to the LAN.

3. Check the box to Update list of packets in real time.

4. Click Start.

Page 149: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 8.2: Intermediary Device as an End Device

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 159 of 247

This will begin the packet capture. During this capture there will probably be more than 200 captures, making analysis a bit tedious. The critical Telnet conversation between the pod host computer and S1-Central will be easy to filter.

Step 2: Use the Windows Telnet client to access S1-Central.

S1-Central has been configured with 11 student accounts, ccna1 through ccna11. To provide access to each student, use the userid corresponding to your pod. For example, for host computers on pod 1, use userid ccna1. Unless directed otherwise by your instructor, the password is cisco.

1. From the Windows terminal, issue the Telnet command, telnet destination-ip-address:

C:/> telnet 172.16.254.1

2. Enter the appropriate user name and password, cisco.

The S1-Central prompt should be returned, S1-Central#.

Step 3: Clear the MAC address table.

1. Examine the switch MAC address table with the command show mac-address-table. In addition to several static CPU entries, there should be numerous dynamic address table entries.

2. To clear dynamic MAC address table entries, use the clear mac-address-table dynamic command.

3. List the dynamic MAC address entries:

MAC Address Switch Port

4. Open a second terminal window. Ping your neighbor’s IP address, which was recorded earlier:

C:>\ ping –n 1 ip-address

5. The MAC address for this computer should be dynamically added in the S1-Central MAC address table.

6. Again list the dynamic MAC address entries:

MAC Address Switch Port

What conclusion can be made about how a switch learns MAC addresses connected to switch interfaces?

Page 150: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 8.2: Intermediary Device as an End Device

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 160 of 247

______________________________________________________________________________ ______________________________________________________________________________

7. Close Wireshark capture.

The capture will be analyzed in the next task.

Task 2: Examine the Origination of Frames in a Small Network.

Step 1: Examine a Telnet session to S1-Central.

1. Highlight one of the Telnet session packets. On Wireshark menu, click Analyze | Follow

TCP Stream. A stream content window will open, default display ASCII. If the username and passwords are not visible, switch to HEX Dump.

2. Verify the username and password that you entered: Username: ___________________________ Password: __________

3. Close the stream content window.

Step 2: Examine output of the show mac-address-table command.

1. Open Notepad. Captured data will be transferred to Notepad for analysis. There may be numerous packets that were captured.

2. In the top Wireshark Packet List pane, scroll down to the captured ICMP request. If the bottom Wireshark Packet Byte window is not visible, click View > Packet bytes.

Figure 1. Wireshark Capture of Telnet

See Figure 1, a partial output of the Wireshark capture:

Select the last Telnet data packet from S1-Central before the ping command. Next, select the corresponding Packet byte. Right-click the Packet byte and click Copy > Text

only. In Notepad, click Edit > Paste. Dynamic mappings should be similar to the following output:

Page 151: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 8.2: Intermediary Device as an End Device

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 161 of 247

{_lEMaNL;RPC Mac Address Table ------------------------------------------- Vlan Mac Address Type Ports ---- ----------- -------- ----- All 000f.f79f.6cc0 STATIC CPU All 0100.0ccc.cccc STATIC CPU All 0100.0ccc.cccd STATIC CPU All 0100.0cdd.dddd STATIC CPU 1 0010.a47b.015f DYNAMIC Fa0/1 Total Mac Addresses for this criterion: 5 S1-Central#

3. Write down the MAC address and Port number displayed in the output. Does the switch port correspond to your pod host computer? __________

MAC Address Type Port

Why is your pod host computer mapping still in the MAC address table, despite having been cleared? ______________________________________________________________________________ ______________________________________________________________________________

Select the last Telnet data packet immediately after the ping reply. Next, select the corresponding Packet byte. Right-click the Packet byte and click Copy > Text only. In Notepad, click Edit > Paste. Text should be similar to the following Paste action:

{_lEPaNM;VP Mac Address Table ------------------------------------------- Vlan Mac Address Type Ports ---- ----------- -------- ----- All 000f.f79f.6cc0 STATIC CPU All 0100.0ccc.cccc STATIC CPU All 0100.0ccc.cccd STATIC CPU All 0100.0cdd.dddd STATIC CPU 1 0010.a47b.015f DYNAMIC Fa0/1 1 0016.76ac.a76a DYNAMIC Fa0/2 Total Mac Addresses for this criterion: 6 S1-Central#

4. Write down the MAC address and Port number for the second dynamic displayed in the output. Does the switch port correspond to your neighbor’s pod host computer?

__________

Page 152: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 8.2: Intermediary Device as an End Device

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 162 of 247

MAC Address Type Port

Task 3: Reflection

The Wireshark capture of a Telnet session between a pod host computer and S1-Central was analyzed to show how a switch dynamically learns about nodes directly connected to it.

Task 4: Challenge

Use Wireshark to capture and analyze a Telnet session between the pod host computer and the Cisco switch. Use the Wireshark menu option Analyze > Follow TCP Stream to view the login user ID and password. How secure is the Telnet protocol? What can be done to make communication with Cisco devices more secure?

______________________________________________________________________________

______________________________________________________________________________

Task 5: Clean Up

Wireshark was installed on the pod host computer. If Wireshark needs to be uninstalled, click Start > Control Panel. Open Add or Remove Programs. Select Wireshark, and click Remove.

Remove any files created on the pod host computer during the lab.

Unless directed otherwise by the instructor, turn off power to the host computers. Remove anything that was brought into the lab, and leave the room ready for the next class.

19BLab 8.3: How Many Networks?

120BLearning Objectives

Upon completion of this lab, you will be able to:

• Determine the number of subnets.

• Design an appropriate addressing scheme.

• Assign addresses and subnet mask pairs to device interfaces.

• Examine the use of the available network address space.

121BScenario

In this lab, you have been given the network address 192.168.26.0/24 to subnet and provide the IP addressing for the networks shown in the Topology Diagrams. You must determine the number of networks needed then design an appropriate addressing scheme. Place the correct address and mask in the Addressing Table. In this example, the number of hosts is not important. You are only required to determine the number of subnets per topology example.

Page 153: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 8.3: How Many Networks?

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 163 of 247

122BTopology Diagram A

Task 1: Determine the Number of Subnets in the Topology Diagram. Step 1: How many networks are there? ____ Step 2: How many bits should you borrow to create the required number of subnets? ____ Step 3: How many usable host addresses per subnet did this give you? ____ Step 4: What is the new subnet mask in decimal form? _____________________________

Step 5: How many subnets are available for future use? ____

Task 2: Record Subnet Information.

Step 1: Fill in the following chart with the subnet information.

Subnet

Number

Subnet

Address

First Usable

Host Address

Last Usable

Host Address

Broadcast

Address

0

1

2

3

4

5

6

7

Page 154: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 8.3: How Many Networks?

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 164 of 247

123BTopology Diagram B

Task 3: Determine the Number of Subnets in the Topology Diagram. Step 1: How many networks are there? ____ Step 2: How many bits should you borrow to create the required number of subnets? ____ Step 3: How many usable host addresses per subnet did this give you? ____ Step 4: What is the new subnet mask in decimal form? _____________________________

Step 5: How many subnets are available for future use? ____

Task 4: Record Subnet Information.

Step 1: Fill in the following chart with the subnet information.

Subnet

Number

Subnet

Address

First Usable

Host Address

Last Usable

Host Address

Broadcast

Address

0

1

2

3

4

5

6

7

Fa0/0 Fa0/0

Page 155: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 8.3: How Many Networks?

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 165 of 247

124BTopology Diagram C

Task 5: Determine the Number of Subnets in the Topology Diagram. Step 1: How many networks are there? ____ Step 2: How many bits should you borrow to create the required number of subnets? ____ Step 3: How many usable host addresses per subnet did this give you? ____ Step 4: What is the new subnet mask in decimal form? _____________________________

Step 5: How many subnets are available for future use? ____

Task 6: Record Subnet Information.

Step 1: Fill in the following chart with the subnet information.

Subnet

Number

Subnet

Address

First Usable

Host Address

Last Usable

Host Address

Broadcast

Address

0

1

2

3

4

5

6

7

8

9

10

Page 156: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 8.3: How Many Networks?

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 166 of 247

Topology Diagram D

Task 7: Determine the Number of Subnets in the Topology Diagram. Step 1: How many networks are there? ____ Step 2: How many bits should you borrow to create the required number of subnets? ____ Step 3: How many usable host addresses per subnet did this give you? ____ Step 4: What is the new subnet mask in decimal form? _____________________________

Step 5: How many subnets are available for future use? ____

Task 8: Record Subnet Information.

Step 1: Fill in the following chart with the subnet information.

Subnet

Number

Subnet

Address

First Usable

Host Address

Last Usable

Host Address

Broadcast

Address

0

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

Fa1/0

Page 157: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 8.3: How Many Networks?

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 167 of 247

Subnet

Number

Subnet

Address

First Usable

Host Address

Last Usable

Host Address

Broadcast

Address

16

Reflection What information is needed when determining an appropriate addressing scheme for a network? _____________________________________________________________________________ _____________________________________________________________________________ _____________________________________________________________________________

Page 158: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 8.3: How Many Networks?

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 168 of 247

Page 159: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 8.4: Creating a Small Lab Topology

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 169 of 247

20BLab 8.4: Creating a Small Lab Topology

125BTopology Diagram

126BLearning Objectives

Upon completion of this lab, you will be able to:

• Design the logical network.

• Configure the physical lab topology.

• Configure the logical LAN topology.

• Verify LAN connectivity.

127BBackground

Hardware Qty Description

Cisco Router 1 Part of CCNA Lab bundle

Cisco Switch 1 Part of CCNA Lab bundle

*Computer (host) 3 Lab computer

Cat-5 or better straight-through UTP cables

3 Connects Router1 and computers Host1 and Host2 to Switch1

Cat-5 crossover UTP cable 1 Connects computer Host1 to Router1

Table 1. Equipment and Hardware for Lab

Gather the necessary equipment and cables. To configure the lab, refer to the equipment and hardware listed in Table 1.Scenario.

In this lab you will create a small network that requires connecting network devices and configuring host computers for basic network connectivity. SubnetA and SubnetB are subnets that are currently needed. SubnetC and SubnetD are anticipated subnets, not yet connected to the network. The 0 P

thP subnet will be used.

Note: Appendix 1 contains a subnet chart for the last IP address octet.

Page 160: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 8.4: Creating a Small Lab Topology

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 170 of 247

Task 1: Design the Logical Network.

Given an IP address and mask of 172.20.0.0 / 24 (address / mask), design an IP addressing scheme that satisfies the following requirements:

Subnet Number of Hosts

SubnetA 2

SubnetB 6

SubnetC 47

SubnetD 125

Host computers from each subnet will use the first available IP address in the address block. Router interfaces will use the last available IP address in the address block.

Step 1: Design SubnetD address block.

Begin the logical network design by satisfying the requirement of SubnetD, which requires the largest block of IP addresses. Refer to the subnet chart, and pick the first address block that will support SubnetD.

Fill in the following table with IP address information for SubnetD:

Network

Address

Mask First Host

Address

Last Host

Address

Broadcast

What is the bit mask in binary? __________________________________________________

Step 2: Design SubnetC address block.

Satisfy the requirement of SubnetC, the next largest IP address block. Refer to the subnet chart, and pick the next available address block that will support SubnetC.

Fill in the following table with IP address information for SubnetC:

Network

Address

Mask First Host

Address

Last Host

Address

Broadcast

What is the bit mask in binary? __________________________________________________

Step 3: Design SubnetB address block.

Satisfy the requirement of SubnetB, the next largest IP address block. Refer to the subnet chart, and pick the next available address block that will support SubnetB.

Fill in the following table with IP address information for SubnetB:

Page 161: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 8.4: Creating a Small Lab Topology

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 171 of 247

Network

Address

Mask First Host

Address

Last Host

Address

Broadcast

What is the bit mask in binary? ________________________________________________________

Step 4: Design SubnetA address block.

Satisfy the requirement of SubnetA. Refer to the subnet chart, and pick the next available address block that will support SubnetA.

Fill in the following table with IP address information for SubnetA:

Network

Address

Mask First Host

Address

Last Host

Address

Broadcast

What is the bit mask in binary?

________________________________________________________

Task 2: Configure the Physical Lab Topology.

Step 1: Physically connect devices.

Figure 1. Cabling the Network

Cable the network devices as shown in Figure 1.

What cable type is needed to connect Host1 to Router1, and why?

______________________________________________________________________________

Page 162: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 8.4: Creating a Small Lab Topology

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 172 of 247

______________________________________________________________________________

If not already enabled, turn power on to all devices.

Step 2: Visually inspect network connections.

After cabling the network devices, take a moment to verify the connections. Attention to detail now will minimize the time required to troubleshoot network connectivity issues later. Ensure that all switch connections show green. Any switch connection that does not transition from amber to green should be investigated. Is the power applied to the connected device? Is the correct cable used? Is the correct cable good? What type of cable connects Router1 interface Fa0/0 to Host1?

________________________________

What type of cable connects Router1 interface Fa0/1 to Switch1?

______________________________

What type of cable connects Host2 to Switch1?

_____________________________________________

What type of cable connects Host3 to Switch1?

_____________________________________________

Is all equipment turned on? __________

Task 3: Configure the Logical Topology.

Step 1: Document logical network settings.

The host computer Gateway IP address is used to send IP packets to other networks. Therefore, the Gateway address is the IP address assigned to the router interface for that subnet.

From the IP address information recorded in Task 1, write down the IP address information for each computer:

Host1

IP Address

IP Mask

Gateway Address

Host2

Page 163: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 8.4: Creating a Small Lab Topology

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 173 of 247

IP Address

IP Mask

Gateway Address

Host3

IP Address

IP Mask

Gateway Address

Step 2: Configure Host1 computer.

On Host1, click Start > Control Panel > Network Connections. Right-click the Local Area

Connection device icon and choose Properties.

On the General tab, select Internet Protocol (TCP/IP), and then click the Properties button.

Figure 2. Host1 IP Address and Gateway Settings

Refer to Figure 2 for Host1 IP address and gateway settings. Manually enter the following information, recorded in Step 1, above:

IP address: Host1 IP address Subnet mask: Host1 subnet mask Default gateway: Gateway IP address

When finished, close the Internet Protocols (TCP/IP) Properties window by clicking OK. Close the Local Area Connection window. Depending on the Windows operating system, the computer may require a reboot for changes to be effective.

Step 3: Configure Host2 and Host3 computers.

Repeat Step 2 for computers Host2 and Host3, using the IP address information for those computers.

Page 164: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 8.4: Creating a Small Lab Topology

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 174 of 247

Task 4: Verify Network Connectivity.

Verify with your instructor that Router1 has been configured. Otherwise, connectivity will be broken between LANs. Switch1 should have a default configuration.

Network connectivity can be verified with the Windows ping command. Open a windows terminal by clicking Start > Run. Type cmd and press Enter.

Use the following table to methodically verify and record connectivity with each network device. Take corrective action to establish connectivity if a test fails:

From To IP Address Ping Results

Host1 Gateway (Router1, Fa0/0)

Host1 Router1, Fa0/1

Host1 Host2

Host1 Host3

Host2 Host3

Host2 Gateway (Router1, Fa0/1)

Host2 Router1, Fa0/0

Host2 Host1

Host3 Host2

Host3 Gateway (Router1, Fa0/1)

Host3 Router1, Fa0/0

Host3 Host1

Note any break in connectivity. When troubleshooting connectivity issues, the topology diagram can be extremely helpful.

In the above scenario, how can a malfunctioning Gateway be detected?

______________________________________________________________________________

______________________________________________________________________________

Task 5: Reflection

Review any physical or logical configuration problems encountered during this lab. Be sure that you have a thorough understanding of the procedures used to verify network connectivity.

This is a particularly important lab. In addition to practicing IP subnetting, you configured host computers with network addresses and tested them for connectivity.

Page 165: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 8.4: Creating a Small Lab Topology

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 175 of 247

It is best to practice host computer configuration and verification several times. This will reinforce the skills you learned in this lab and make you a better network technician.

Task 6: Challenge

Ask your instructor or another student to introduce one or two problems in your network when you aren’t looking or are out of the lab room. Problems can be either physical (wrong UTP cable) or logical (wrong IP address or gateway). To fix the problems:

1. Perform a good visual inspection. Look for green link lights on Switch1.

2. Use the table provided in Task 3 to identify failed connectivity. List the problems:

_____________________________________________________________________________ _____________________________________________________________________________ _____________________________________________________________________________

3. Write down your proposed solution(s):

_____________________________________________________________________________ _____________________________________________________________________________ _____________________________________________________________________________

4. Test your solution. If the solution fixed the problem, document the solution. If the solution did not fix the problem, continue troubleshooting.

_____________________________________________________________________________ _____________________________________________________________________________ _____________________________________________________________________________

Task 7: Clean Up

Unless directed otherwise by the instructor, restore host computer network connectivity, and then turn off power to the host computers.

Carefully remove cables and return them neatly to their storage. Reconnect cables that were disconnected for this lab.

Remove anything that was brought into the lab, and leave the room ready for the next class.

Page 166: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 8.4: Creating a Small Lab Topology

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 176 of 247

Page 167: Networking Fundamentals Lab Workbook

Network Fundamentals

EEET 2320 Lab 9: Working with Cisco Devices

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 177 of 247

21B

LAB 9

Working with Cisco Devices

Page 168: Networking Fundamentals Lab Workbook

Network Fundamentals

EEET 2320 Lab 9.1: Establishing a Console Session with HyperTerminal

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 178 of 247

Lab 9.1: Establishing a Console Session with HyperTerminal

128BTopology Diagram

129BLearning Objectives

Upon completion of this lab, you will be able to:

• Connect a router and computer using a console cable.

• Configure HyperTerminal to establish a console session with a Cisco IOS router.

• Configure HyperTerminal to establish a console session with a Cisco IOS switch.

130BBackground

HyperTerminal is a simple Windows-based terminal emulation program for serial communication that can be used to connect to the console port on Cisco IOS devices. A serial interface on a computer is connected to the Cisco device via a rollover cable. Using HyperTerminal is the most basic way to access a router for checking or changing its configuration. Another popular serial communication utility is TeraTerm Web. Instructions for TeraTerm Web use are contained in Appendix A.

131BScenario

Set up a network similar to the one in the Topology Diagram. Any router that meets the interface requirements may be used. Possible routers include 800, 1600, 1700, 2500, 2600 routers, or a combination. The following resources will be required:

• Computer with a serial interface and HyperTerminal loaded

• Cisco router

• Console (rollover) cable for connecting the workstation to the router

Page 169: Networking Fundamentals Lab Workbook

Network Fundamentals

EEET 2320 Lab 9.1: Establishing a Console Session with HyperTerminal

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 179 of 247

Task 1: Connect a Router and Computer with a Console Cable.

Step 1: Set up basic physical connection.

Connect the console (rollover) cable to the console port on the router. Connect the other cable end to the host computer with a DB-9 or DB-25 adapter to the COM 1 port.

Step 2: Power on devices.

If not already powered on, enable power to the computer and router.

Task 2: Configure HyperTerminal to Establish a Console Session with a Cisco IOS Router.

Step 1: Start HyperTerminal application.

From the Windows taskbar, start the HyperTerminal program by clicking Start > Programs >

Accessories > Communications > HyperTerminal.

Step 2: Configure HyperTerminal.

Figure 1. HyperTerminal Name Configuration Window

Refer to Figure 1 for a description of the opening HyperTerminal configuration window. At the Connection Description window, enter a session name in the Name field. Select an appropriate icon, or leave the default. Click OK.

Figure 2. HyperTerminal Connection Type

Page 170: Networking Fundamentals Lab Workbook

Network Fundamentals

EEET 2320 Lab 9.1: Establishing a Console Session with HyperTerminal

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 180 of 247

Refer to Figure 2. Enter the appropriate connection type, COM 1, in the Connect using field. Click OK.

Figure 3. HyperTerminal COM1 Port Settings

Refer to Figure 3. Change port settings to the following values:

Setting Value

Bits per second 9600

Data bits 8

Parity None

Stop bits 1

Flow control None

Click OK.

When the HyperTerminal session window comes up, press the Enter key. There should be a response from the router. This indicates that connection has been successfully completed. If there is no connection, troubleshoot as necessary. For example, verify that the router has power. Check the connection to the correct COM 1 port on the PC and the console port on the router. If there is still no connection, ask the instructor for assistance.

Step 3: Close HyperTerminal.

When finished, close the HyperTerminal session. Click File > Exit. When asked whether to save the session, click Yes. Enter a name for the session.

Step 4: Reconnect the HyperTerminal session.

Reopen the HyperTerminal session as described in Task 2, Step 1. This time, when the Connection Description window opens (see Figure 1), click Cancel.

Click File > Open. Select the saved session and then click Open. Use this technique to reconnect the HyperTerminal session to a Cisco device without reconfiguring a new session.

When finished, exit TeraTerm.

Page 171: Networking Fundamentals Lab Workbook

Network Fundamentals

EEET 2320 Lab 9.1: Establishing a Console Session with HyperTerminal

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 181 of 247

Task 3: Configure HyperTerminal to Establish a Console Session with a Cisco IOS Switch.

Serial connections between Cisco IOS routers and switches are very similar. In this task, you will make a serial connection between the host computer and a Cisco IOS switch.

Figure 4. Serial Connection Between a Host Computer and Cisco Switch

Step 1: Set up basic physical connection.

Refer to Figure 4. Connect the console (rollover) cable to the console port on the router. Connect the other cable end to the host computer with a DB-9 or DB-25 adapter to the COM 1 port.

Step 2: Power on devices.

If not already powered on, enable power to the computer and switch.

Step 3: Start HyperTerminal application.

From the Windows taskbar, start the HyperTerminal program by clicking Start > Programs >

Accessories > Communications > Hyper Terminal.

Step 4: Configure HyperTerminal.

Use the procedure described in Task 2, Step 2, to configure HyperTerminal.

Refer to Figure 1 of the opening HyperTerminal configuration window. At the Connection Description window, enter a session name in the Name field. Select an appropriate icon, or leave the default. Click OK.

Refer to Figure 2. Enter the appropriate connection type, COM 1, in the Connect using field. Click OK.

Refer to Figure 3. Change port settings to the following values:

Setting Value

Bits per second 9600

Data bits 8

Parity None

Stop bits 1

Flow control None

Click OK.

When the HyperTerminal session window comes up, press the Enter key. There should be a response from the switch. This indicates that connection has been successfully completed. If

Page 172: Networking Fundamentals Lab Workbook

Network Fundamentals

EEET 2320 Lab 9.1: Establishing a Console Session with HyperTerminal

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 182 of 247

there is no connection, troubleshoot as necessary. For example, verify that the switch has power. Check the connection to the correct COM 1 port on the PC and the console port on the switch. If there is still no connection, ask the instructor for assistance.

Step 5: Close HyperTerminal.

When finished, close the HyperTerminal session. Click File > Exit. When asked whether to save the session, click No.

Task 3: Reflection

This lab provided information for establishing a console connection to a Cisco IOS router and switch.

Task 4: Challenge

Draw the pin connections for the rollover cable and straight-through cable. Compare the differences, and be able to identify the different cable types.

Task 5: Clean Up

Unless directed otherwise by the instructor, turn off power to the host computer and router. Remove the rollover cable.

Remove anything that was brought into the lab, and leave the room ready for the next class.

Page 173: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 9.2: Basic Cisco Device Configuration

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 183 of 247

Lab 9.2: Basic Cisco Device Configuration

132BTopology Diagram

133BLearning Objectives

• Configure Cisco router global configuration settings.

• Configure Cisco router password access.

• Configure Cisco router interfaces.

• Save the router configuration file.

• Configure a Cisco switch.

134BBackground

Hardware Qty Description

Cisco Router 1 Part of CCNA Lab bundle.

Cisco Switch 1 Part of CCNA Lab bundle.

*Computer (host) 1 Lab computer.

Console (rollover) cable 1 Connects computer host 1 to Router console port.

UTP Cat 5 crossover cable 1 Connects computer host 1 to Router LAN interface Fa0/0

Straight Through Cable 3 Connects computer hosts to Switch and switch to router

Table 1. Equipment and hardware required for this lab. Gather the necessary equipment and cables. To configure the lab, make sure the equipment listed in Table 1 is available.

Common configuration tasks include setting the hostname, access passwords, and MOTD banner.

Interface configuration is extremely important. In addition to assigning a Layer 3 IP address, enter a description that describes the destination connection speeds troubleshooting time.

Configuration changes are effective immediately.

Configuration changes must be saved in NVRAM to be persistent across reboot.

Configuration changes may also be saved off-line in a text file for auditing or device replacement.

Cisco IOS switch configuration is similar to Cisco IOS router configuration.

135BScenario

In this lab students will configure common settings on a Cisco Router and Cisco Switch.

Page 174: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 9.2: Basic Cisco Device Configuration

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 184 of 247

Given an IP address of 198.133.219.0/24, with 4 bits borrowed for subnets, fill in the following information in the table below. (Hint: fill in the subnet number, then the host address. Address information will be easy to compute with the subnet number filled in first) Maximum number of usable subnets: _______________ Number of usable hosts per subnet: ___________________

IP Address: Subnet mask:

# Subnet First host address Last host address Broadcast

0

Before proceeding, verify your addresses with the instructor. The instructor will assign subnetworks.

Task 1: Configure Cisco Router Global Configuration Settings.

Figure 1. Lab cabling.

Step 1: Physically connect devices.

Refer to Figure 1. Connect the console or rollover cable to the console port on the router. Connect the other end of the cable to the host computer using a DB-9 or DB-25 adapter to the COM 1 port. Connect the crossover cable between the host computer’s network interface card (NIC) and Router interface Fa0/0. Connect a straight-through cable between the Router interface Fa0/1 and any of the switch’s interfaces (1-24).

Page 175: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 9.2: Basic Cisco Device Configuration

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 185 of 247

Ensure that power has been applied to the host computer, switch and router.

Step 2: Connect host computer to router through HyperTerminal.

From the Widows taskbar, start the HyperTerminal program by clicking on Start | Programs | Accessories | Communications | HyperTerminal.

Configure HyperTerminal with the proper settings:

Connection Description

Name: Lab 11_2_11 Icon: Personal choice

Connect to Connect Using: COM1 (or appropriate COM port) COM1 Properties

Bits per second: 9600 Data bits: 8 Parity: None

Stop bits: 1 Flow Control: None

When the HyperTerminal session window comes up, press the Enter key until there is a response from the router. If the router terminal is in the configuration mode, exit by typing NO.

Would you like to enter the initial configuration dialog? [yes/no]: no

Press RETURN to get started! Router>

When in privileged exec command mode, any misspelled or unrecognized commands will attempt to be translated by the router as a domain name. Since there is no domain server configured, there will be a delay while the request times out. This can take between several seconds to several minutes. To terminate the wait, simultaneously hold down the <CTRL><SHIFT>6 keys then release and press x:

Router>enabel Translating "enabel"...domain server (255.255.255.255) % Briefly hold down the keys <CTRL><SHIFT>6, release and press x Name lookup aborted Router>

From the user exec mode, enter privileged exec mode:

Page 176: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 9.2: Basic Cisco Device Configuration

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 186 of 247

Router> enable Router#

Verify a clean configuration file with the privileged exec command show running-config. If a configuration file was previously saved, it will have to be removed. Appendix 1 shows a typical default router’s configuration. Depending on router’s model and IOS version, your configuration may look slightly different. However, there should be no configured passwords or IP addresses. If your router does not have a default configuration, ask the instructor to remove the configuration.

Step 3: Configure global configuration hostname setting.

What two commands may be used to leave the privileged exec mode? ___________________

What shortcut command can be used to enter the privileged exec mode? _________________

Examine the different configuration modes that can be entered with the command configure? Write down the list of configuration modes and description: ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ From the privileged exec mode, enter global configuration mode: Router# configuration terminal Router(config)#

What three commands may be used to leave the global configuration mode and return to the privileged exec mode? ______________________________________________________________________________ ______________________________________________________________________________ What shortcut command can be used to enter the global configuration mode? ______________________

Set the device hostname to Router1:

router(config)# hostname Router1

Router1(config)#

How can the hostname be removed? ______________________________________________________________________________

Page 177: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 9.2: Basic Cisco Device Configuration

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 187 of 247

______________________________________________________________________________

Step 4: Configure the MOTD banner.

In production networks, banner content may have a significant legal impact on the organization. For example, a friendly “Welcome” message may be interpreted by a court that an attacker has been granted permission to hack into the router. A banner should include information about authorization, penalties for unauthorized access, connection logging, and applicable local laws. The corporate security policy should provide policy on all banner messages. Create a suitable MOTD banner. Only system administrators of the ABC Company are authorized access, unauthorized access will be prosecuted, and all connection information will be logged. ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ Examine the different banner modes that can be entered. Write down the list of banner modes and description.

Router1(config)# banner ? ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ Choose a terminating character that will not be used in the message text.__________________ Configure the MOTD banner. The MOTD banner is displayed on all connections before the login prompt. Use the terminating character on a blank line to end the MOTD entry: Router1(config)# banner motd %

Enter TEXT message. End with the character '%'

Page 178: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 9.2: Basic Cisco Device Configuration

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 188 of 247

***You are connected to an ABC network device. Access is granted to only current ABC company system administrators with prior written approval. *** *** Unauthorized access is prohibited, and will be prosecuted. *** *** All connections are continuously logged. *** % Router1(config)#

What is the global configuration command to remove the MOTD banner? ______________________________________________________________________________

Task 2: Configure Cisco router password access.

Access passwords are set for the privileged exec mode and user entry point such as console, aux, and virtual lines. The privileged exec mode password is the most critical password, since it controls access to the configuration mode.

Step 1: Configure the privileged exec password.

Cisco IOS supports two commands that set access to the privileged exec mode. One command, enable password, contains weak cryptography and should never be used if the enable secret command is available. The enable secret command uses a very secure MD5 cryptographic hash algorithm. Cisco says “As far as anyone at Cisco knows, it is impossible to recover an enable secret based on the contents of a configuration file (other than by obvious dictionary attacks).” Password security relies on the password algorithm, and the password. . In production environments, strong passwords should be used at all times. A strong password consists of at least nine characters of upper and lower case letters, numbers, and symbols. In a lab environment, we will use weak passwords.

Set the privileged exec password to cisco. Router1(config)# enable secret cisco Router1(config)#

Step 2: Configure the console password.

Set the console access password to class. The console password controls console access to the router.

Router1(config)# line console 0 Router1(config-line)# password class Router1(config-line)# login

What is the command to remove the console password? _____________________________

Page 179: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 9.2: Basic Cisco Device Configuration

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 189 of 247

Step 3: Configure the virtual line password.

Set the virtual line access password to class. The virtual line password controls Telnet access to the router. In early Cisco IOS versions, only five virtual lines could be set, 0 through 4. In newer Cisco IOS versions, the number has been expanded. Unless a telnet password is set, access on that virtual line is blocked.

Router1(config-line)# line vty 0 4 Router1(config-line)# password class Router1(config-line)# login

There are three commands that may be used to exit the line configuration mode:

Command Effect

Return to the global configuration mode.

Exit configuration and return to the privileged exec mode.

Issue the command exit. What is the router prompt? What is the mode? Router1(config-line)# exit ______________________________________________________________________________ ______________________________________________________________________________ Issue the command end. What is the router prompt? What is the mode? ______________________________________________________________________________ ______________________________________________________________________________

Task 3: Configure Cisco Router Interfaces.

All cabled interfaces should contain documentation about the connection. On newer Cisco IOS

versions, the maximum description is 240 characters.

Figure 2. Physical lab topology.

Figure 2 shows a network topology where a host computer is connected to Router1, interface Fa0/0.

Write down your subnet number and mask: ________________________________________________

Page 180: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 9.2: Basic Cisco Device Configuration

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 190 of 247

The first IP address will be used to configure the host computer LAN. Write down the first IP Address: ______________________________________________________________________________ The last IP address will be used to configure the router fa0/0 interface. Write down the last IP Address: ______________________________________________________________________________

Step 1: Configure the router fa0/0 interface.

Write a short description for the connections on Router1: Fa0/0 -> ______________________________________________________________________________ Apply the description on the router interface with the interface configuration command, description: Router1(config)# interface fa0/0 Router1(config-if)# description Connection to Host1 with crossover cable Router1(config-if)# ip address address mask Router1(config-if)# no shutdown

Router1(config-if)# end

Router1# Look for the interface to become active: *Mar 24 19:58:59.602: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

Step 2: Configure the router Fa0/1 interface.

Write a short description for the connections on Router1: Fa0/1 -> ______________________________________________________________________________

Apply the description on the router interface with the interface configuration command, description: Router1(config)# interface fa0/1 Router1(config-if)# description Connection to switch with straight-through cable Router1(config-if)# ip address address mask Router1(config-if)# no shutdown

Router1(config-if)# end

Router1# Look for the interface to become active: *Mar 24 19:58:59.602: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

Step 3: Configure the host computer.

Configure the host computer for LAN connectivity. Recall that the LAN configuration window is accessed through Start | Control Panel | Network Connections. Right-click on the LAN icon, and

Page 181: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 9.2: Basic Cisco Device Configuration

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 191 of 247

select Properties. Highlight the Internet Protocol field, and select Properties. Fill in the following fields: IP Address: The first host address __________________________ Subnet Mask: The subnet mask ____________________________ Default Gateway: Router’s IP Address _______________________ Click OK, and then Close. Open a terminal window, and verify network settings with the ipconfig command.

Step 4: Verify network connectivity.

Use the ping command to verify network connectivity with the router. If ping replies are not successful troubleshoot the connection:

What Cisco IOS command can be used to verify the interface status? __________________________ What Windows command can be used to verify host computer configuration? _____________________

What is the correct LAN cable between host1 and Router1? _______________________________

Task 4: Save the Router Configuration File.

Cisco IOS refers to RAM configuration storage as running-configuration, and NVRAM configuration storage as startup-configuration. For configurations to survive rebooting or power restarts, the RAM configuration must be copied into non-volatile RAM (NVRAM). This does not occur automatically, NVRAM must be manually updated after any changes are made.

Step 1: Compare router RAM and NVRAM configurations.

Use the Cisco IOS show command to view RAM and NVRAM configurations. The configuration is displayed one screen at a time. A line containing “ -- more -- “ indicates that there is additional information to display. The following list describes acceptable key responses:

Key Description

<SPACE> Display the next page.

<RETURN> Display the next line.

Q Quit

<CTRL> c Quit

Write down one possible shortcut command that will display the contents of NVRAM.

Display the contents of NVRAM. If the output of NVRAM is missing, it is because there is no saved configuration.:

Router1# show startup-config startup-config is not present Router1#

Page 182: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 9.2: Basic Cisco Device Configuration

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 192 of 247

Display the contents of RAM.

Router1#show running-config

Use the output to answer the following questions:

How large is the configuration file? ____________________

What is the enable secret password? ________________________ Does your MOTD banner contain the information you entered earlier? __________________________

Do your interface descriptions contain the information you entered earlier? ____________________

Write down one possible shortcut command that will display the contents of RAM. _________________

Step 2: Save RAM configuration to NVRAM.

For a configuration to be used the next time the router is powered on or reloaded, it must be manually saved in NVRAM. Save the RAM configuration to NVRAM:

Router1# copy running-config startup-config Destination filename [startup-config]? <ENTER> Building configuration... [OK] Router1# Write down one possible shortcut command that will copy the RAM configuration to NVRAM. ____________________________ Review the contents of NVRAM, and verify that the configuration is the same as the configuration in RAM.

Task 5: Configure a Cisco Switch.

Cisco IOS switch configuration is (thankfully) similar to configuring a Cisco IOS router. The benefit of learning IOS commands is that they are similar to many different devices and IOS versions.

Step 1: Connect the host to the switch.

Move the console, or rollover, cable to the console port on the switch. Ensure power has been applied to the switch. In Hyperterminal, press Enter until the switch responds.

Page 183: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 9.2: Basic Cisco Device Configuration

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 193 of 247

Step 2. Configure global configuration hostname setting.

Appendix 2 shows a typical default switch configuration. Depending on router model and IOS version, your configuration may look slightly different. However, there should be no configured passwords. If your router does not have a default configuration, ask the instructor to remove the configuration.

From the user exec mode, enter global configuration mode: Switch> en Switch# config t Switch(config)#

Set the device hostname to Switch1.

Switch(config)# hostname Switch1 Switch1(config)#

Step 3: Configure the MOTD banner.

Create a suitable MOTD banner. Only system administrators of the ABC company are authorized access, unauthorized access will be prosecuted, and all connection information will be logged.

Configure the MOTD banner. The MOTD banner is displayed on all connections before the login prompt. Use the terminating character on a blank line to end the MOTD entry. For assistance, review the similar step for configuring a router MOTD banner.

Switch1(config)# banner motd %

Step 4: Configure the privileged exec password.

Set the privileged exec password to cisco. Switch1(config)# enable secret cisco Switch1(config)#

Step 5: Configure the console password.

Set the console access password to class.

Switch1(config)# line console 0 Switch1(config-line)# password class Switch1(config-line)# login

Step 6: Configure the virtual line password.

Set the virtual line access password to class. There are 16 virtual lines that can be configured on a Cisco IOS switch, 0 through 15.

Switch1(config-line)# line vty 0 15 Switch1(config-line)# password class Switch1(config-line)# login

Page 184: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 9.2: Basic Cisco Device Configuration

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 194 of 247

Figure 3. Network topology.

Step 7: Configure the interface description.

Figure 3 shows a network topology where Router1 is connected to Switch1, interface Fa0/1. Switch1 interface Fa0/2 is connected to host computer 2, and interface Fa0/3 is connected to host computer 3.

Write a short description for the connections on Switch1:

Router1

Interface

Description

Fa0/1

Fa0/2

Fa0/3

Apply the descriptions on the switch interface with the interface configuration command, description:

Switch1(config)# interface fa0/1 Switch1(config-if)# description Connection to Router1 Switch1(config)# interface fa0/2 Switch1(config-if)# description Connection to host computer 2

Switch1(config)# interface fa0/3 Switch1(config-if)# description Connection to host computer 3

Switch1(config-if)# end

Switch1#

Step 8: Save RAM configuration to NVRAM.

For a configuration to be used the next time the switch is powered on or reloaded, it must be manually saved in NVRAM. Save the RAM configuration to NVRAM:

Switch1# copy run start Destination filename [startup-config]? <ENTER> Building configuration... [OK] Switch1#

Review the contents of NVRAM, and verify that the configuration is the same as the configuration in RAM.

Page 185: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 9.2: Basic Cisco Device Configuration

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 195 of 247

Task 6: Reflection

The more you practice the commands, the faster you will become in configuring a Cisco IOS router and switch. It is perfectly acceptable to use notes at first to help configure a device, but a professional network engineer does not need a ‘cheat sheet’ to perform common configuration tasks. The following table lists commands covered in this lab:

Purpose Command

Enter the global configuration mode.

configure terminal Example: Router> enable Router# configure terminal Router(config)#

Specify the name for the router. hostname name Example: Router(config)# hostname Router1 Router(config)#

Specify an encrypted password to prevent unauthorized access to the privileged exec mode.

enable secret password Example: Router(config)# enable secret cisco Router(config)#

Specify a password to prevent unauthorized access to the console.

password password login Example: Router(config)# line con 0

Router(config-line)# password class

Router(config-line)# login Router(config)#

Specify a password to prevent unauthorized telnet access. Router vty lines: 0 4 Switch vty lines: 0 15

password password login Example: Router(config)# line vty 0 4

Router(config-line)# password class

Router(config-line)# login Router(config-line)#

Configure the MOTD banner. Banner motd % Example: Router(config)# banner motd % Router(config)#

Configure an interface. Router- interface is OFF by default Switch- interface is ON by default

Example: Router(config)# interface fa0/0 Router(config-if)# description description

Router(config-if)# ip address address mask

Router(config-if)# no shutdown

Router(config-if)#

Save the configuration to NVRAM. copy running-config startup-config

Page 186: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 9.2: Basic Cisco Device Configuration

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 196 of 247

Example: Router# copy running-config startup-config Router#

Task 7: Challenge

It is often necessary, and always handy, to save the configuration file to an off-line text file. One way to save the configuration file is to use HyperTerminal Transfer menu option Capture.

Figure 2. Hyperterminal Capture menu.

Refer to Figure 2. All communication between the host computer and router are saved to a file. The file can be edited, and saved. The file can also be edited, copied, and pasted into a router:

To start a capture, select Hyperterminal menu option Transfer | Capture Text. Enter a path and file name, and select Start. Issue the privileged exec command show running-config, and press the <SPACE> key until all of the configuration has been displayed.

Stop the capture. Select menu option Transfer | Capture Text | Stop.

Open the text file and review the contents. Remove any lines that are not configuration commands, such as the more prompt. Manually correct any lines that were scrambled or occupy the same line. After checking the configuration file, highlight the lines and select Notepad menu Edit | Copy. This places the configuration in host computer memory.

To load the configuration file, it is ALWAYS best practice to begin with a clean RAM configuration. Otherwise, stale configuration commands may survive a paste action and have unintended consequences (also known as the Law of Unintended Consequences):

Erase the NVRAM configuration file:

Router1# erase start

Erasing the nvram filesystem will remove all configuration files! Continue? [confirm] <ENTER> [OK] Erase of nvram: complete Reload the router:

Page 187: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 9.2: Basic Cisco Device Configuration

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 197 of 247

Router1# reload

Proceed with reload? [confirm] <ENTER> When the router reboots, enter the global configuration mode: Router> en

Router# config t Router(config)# Using the mouse, right-click inside the Hyperterminal window and select Paste To Host. The configuration will be loaded, very quickly, to the router. Watch closely for error messages, each message must be investigated and corrected. Verify the configuration, and save to NVRAM.

Task 8: Clean Up.

Before turning off power to the router and switch, remove the NVRAM configuration file from each device with the privileged exec command erase startup-config.

Delete any configuration files saved on the host computers.

Unless directed otherwise by the instructor, restore host computer network connectivity, then turn off power to the host computers. Remove anything that was brought into the lab, and leave the room ready for the next class.

Page 188: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 9.2: Basic Cisco Device Configuration

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 198 of 247

Appendix 1- Default Cisco IOS router configuration Current configuration : 824 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! no aaa new-model ip cef ! interface FastEthernet0/0 no ip address shutdown duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/1/0 no ip address shutdown no fair-queue ! interface Serial0/1/1 no ip address shutdown clock rate 2000000 ! interface Vlan1 no ip address ! ip http server no ip http secure-server ! control-plane ! line con 0 line aux 0 line vty 0 4 login ! scheduler allocate 20000 1000 end

Page 189: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 9.2: Basic Cisco Device Configuration

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 199 of 247

Appendix 2- Default Cisco IOS switch configuration Current configuration : 1519 bytes ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Switch ! ! ip subnet-zero ! ! spanning-tree mode pvst no spanning-tree optimize bpdu transmission spanning-tree extend system-id ! ! interface FastEthernet0/1 no ip address ! interface FastEthernet0/2 no ip address ! interface FastEthernet0/3 no ip address ! interface FastEthernet0/4 no ip address ! interface FastEthernet0/5 no ip address ! interface FastEthernet0/6 no ip address ! interface FastEthernet0/7 no ip address ! interface FastEthernet0/8 no ip address ! interface FastEthernet0/9 no ip address ! interface FastEthernet0/10 no ip address ! interface FastEthernet0/11 no ip address ! interface FastEthernet0/12 no ip address ! interface FastEthernet0/13 no ip address !

Page 190: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 9.2: Basic Cisco Device Configuration

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 200 of 247

interface FastEthernet0/14 no ip address ! interface FastEthernet0/15 no ip address ! interface FastEthernet0/16 no ip address ! interface FastEthernet0/17 no ip address ! interface FastEthernet0/18 no ip address ! interface FastEthernet0/19 no ip address ! interface FastEthernet0/20 no ip address ! interface FastEthernet0/21 no ip address ! interface FastEthernet0/22 no ip address ! interface FastEthernet0/23 no ip address ! interface FastEthernet0/24 no ip address ! interface GigabitEthernet0/1 no ip address ! interface GigabitEthernet0/2 no ip address ! interface Vlan1 no ip address no ip route-cache shutdown ! ip http server ! ! line con 0 line vty 5 15 ! End

Page 191: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 9.3: Managing Device Configuration

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 201 of 247

Lab 9.3: Managing Device Configuration

136BTopology Diagram

137BLearning Objectives

• Configure network connectivity.

• Use TFTP to save and restore a Cisco IOS configuration.

138BBackground

Hardware Qty Description

Cisco Router 1 Part of CCNA Lab bundle.

Computer (host) 1 Lab computer.

Console (rollover) cable 1 Connects computer host 1 to Router console port.

Crossover cable 1 Connects host1 NIC to Router1 Fa0/1

Table 1. Equipment and hardware required for this lab.

Gather the necessary equipment and cables. To configure the lab, make sure the equipment listed in Table 1 is available. The host computer will be used as a TFTP server. This lab requires the use of SolarWinds TFTP server software. SolarWinds is a free TFTP application for Windows.

139BScenario

In this lab, students will configure common settings on a Cisco Router, save the configuration to a TFTP server, then restore the configuration from a TFTP server. Given an IP address of 10.250.250.0/24, and 6 bits used for subnets. Use the LAST subnet. Host1 should use the FIRST valid host address, and Router1 should use the LAST valid host address:

IP Address: 10.250.250.0 Subnet mask:

Subnet First host address Last host address Broadcast

Task 1: Configure Network Connectivity.

Page 192: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 9.3: Managing Device Configuration

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 202 of 247

Step 1: Physically connect devices.

Refer to the Topology Diagram. Connect the console, or rollover, cable to the console port on the router and the other cable end to the host computer with a DB-9 or DB-25 adapter to the COM 1 port. Ensure power has been applied to both the host computer and router.

Step 2: Logically connect devices.

Using the IP address information from the scenario, configure the host1 computer.

Step 3: Connect host computer to router through HyperTerminal.

From the Widows taskbar, start the HyperTerminal program by clicking on Start | Programs | Accessories | Communications | Hyper Terminal.

When the HyperTerminal session window opens, press the Enter key until there is a response from the router.

Step 4: Configure Router1.

Configure Router1. Configuration tasks for Router1 include the following:

Task- refer to Appendix 1 for help with commands

Specify Router name- Router1

Specify an encrypted privileged exec password- cisco

Specify a console access password- class

Specify a telnet access password- class

Configure the MOTD banner.

Configure Router1 interface Fa0/0- set the description set the Layer 3 address issue no shutdown

NOTE **DO NOT SAVE THE CONFIGURATION IN NVRAM.

Step 5: Verify connectivity.

Verify connectivity between host1 and Router1:

Router1# ping 10.250.250.253

Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.250.250.253, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms Router1#

Task 2: Use TFTP to Save and Restore a Cisco IOS Configuration.

Page 193: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 9.3: Managing Device Configuration

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 203 of 247

Step 1: Install SolarWinds TFTP application.

Double click on the SolarWinds TFTP application to begin installation. Select Next. Agree to the license agreement, and accept default settings. After SolarWinds has finished installation, click on Finish.

Step 2: Start TFTP server.

Figure 2. TFTP Server window.

Start the TFTP server by selecting Start | Programs | SolarWinds Free Tools | TFTP Server. Figure 2 shows an active TFTP Server window.

Step 3: Configure the TFTP server.

Figure 3. TFTP Server window.

To configure TFTP server, select menu option File | configure. Refer to Figure 3. Verify the following settings:

Setting Value

TFTP Root Directory:

TFTP-Root

Security Transmit and Receive Files

Advanced Security 10.250.250.254 To 10.250.250.254

Page 194: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 9.3: Managing Device Configuration

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 204 of 247

Auto-Close Never

Log Enable Log Requests to the Following File. Leave the default file.

When finished, select OK.

Step 4. Save Router1 configuration to TFTP server.

From HyperTerminal, begin a TFTP upload to the TFTP server: Router1#copy running-config tftp: Address or name of remote host []? 10.250.250.253 Destination filename [router1-confg]? <ENTER> !! 1081 bytes copied in 2.008 secs (538 bytes/sec) Router1# Verify a successful upload transfer. Open Log file c:\Program Files\SolarWinds\Free Tools\TFTP-Server.txt. Contents should be similar to the following:

3/25/2007 12:29 :Receiving router1-confg from (10.250.250.254) 3/25/2007 12:29 :Received router1-confg from (10.250.250.254), 1081 bytes

Verify the transferred file. Use Microsoft Word or Wordpad to examine the contents of file c:\TFTP-Root\router1-confg. Contents should be similar to the following configuration:

! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router1 ! boot-start-marker boot-end-marker ! enable secret 5 $1$D02B$AuX05n0HPT239yYRoQ0oE. ! no aaa new-model ip cef ! interface FastEthernet0/0 description connection to host1 ip address 10.250.250.254 255.255.255.252 duplex auto speed auto ! interface FastEthernet0/1

Page 195: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 9.3: Managing Device Configuration

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 205 of 247

no ip address shutdown duplex auto speed auto ! interface Serial0/1/0 no ip address shutdown no fair-queue ! interface Serial0/1/1 no ip address shutdown clock rate 2000000 ! ip http server no ip http secure-server ! control-plane ! banner motd *** ABC COMPANY NETWORK DEVICE **** *** Authorized access only ***** *** Logging is enabled **** ! line con 0 password class login line aux 0 line vty 0 4 password class login ! scheduler allocate 20000 1000 End

Step 5: Restore Router1 configuration from TFTP server.

Verify that NVRAM is clear, then reboot Router1:

Router1# show startup-config

startup-config is not present Router1# reload

Proceed with reload? [confirm] <ENTER>

Connectivity must be established with the TFTP server. Router1 fa0/0 must be configured with an IP address, and the interface enabled: Router> enable

Router# conf t

Page 196: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 9.3: Managing Device Configuration

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 206 of 247

Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface fa0/0

Router(config-if)# ip address 10.250.250.254 255.255.255.252

Router(config-if)# no shutdown Router(config-if)# exit *Mar 25 16:43:03.095: %SYS-5-CONFIG_I: Configured from console by console *Mar 25 16:43:04.967: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up Configure the hostname of the router to TEST Router(config-if)#exit

Router(config)#hostname TEST

Router(config-if)#end TEST# Verify connectivity with the ping command: Router# ping 10.250.250.253

Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.250.250.253, timeout is 2 seconds: .!!!! Success rate is 80 percent(4/5), round-trip min/avg/max = 1/1/1ms Router# Download Router1 configuration file from the TFTP server: Router# copy tftp startup-config

Address or name of remote host []? 10.250.250.253 Source filename []? router1-confg Destination filename [startup-config]? <ENTER> Accessing tftp://10.250.250.249/router1-confg... Loading router1-confg from 10.250.250.253 (via FastEthernet0/0): ! [OK - 1081 bytes] 1081 bytes copied in 9.364 secs (115 bytes/sec) Router1# *Mar 25 16:55:26.375: %SYS-5-CONFIG_I: Configured from tftp://10.250.250.253/router1-confg by console Router1# View the configuration in NVRAM to verify an accurate transfer. The configuration should be the same as what was configured in Task 1, Step 4. Reload the router select no at the prompt that says “Configuration has been modified”. The previous the configuration should be restored and the router’s hostname should now be Router1.

Task 3: Reflection

Page 197: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 9.3: Managing Device Configuration

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 207 of 247

TFTP is a fast, efficient way to save and load Cisco IOS configuration files. Task 4: Challenge Similar to uploading a configuration file, the IOS can also be stored off-line for future use. To discover the IOS filename, issue the Cisco IOS command show version. The filename is highlighted, below:

Router1# show version Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(10b), RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Fri 19-Jan-07 15:15 by prod_rel_team ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1) Router1 uptime is 17 minutes System returned to ROM by reload at 16:47:54 UTC Sun Mar 25 2007 System image file is "flash:c1841-advipservicesk9-mz.124-10b.bin" This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to [email protected]. Cisco 1841 (revision 6.0) with 174080K/22528K bytes of memory. Processor board ID FHK110918KJ 2 Serial(sync/async) interfaces DRAM configuration is 64 bits wide with parity disabled. 191K bytes of NVRAM. 62720K bytes of ATA CompactFlash (Read/Write) Configuration register is 0x2102 Router1#

The commands to upload the IOS are similar to uploading the configuration file:

Router1# copy flash tftp

Source filename []? c1841-advipservicesk9-mz.124-10b.bin Address or name of remote host []? 10.250.250.253 Destination filename [c1841-advipservicesk9-mz.124-10b.bin]?

Page 198: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 9.3: Managing Device Configuration

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 208 of 247

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 22063220 bytes copied in 59.564 secs (370412 bytes/sec) Router1#

Task 5: Clean Up.

Before turning off power to the router, remove the NVRAM configuration file if it was loaded. Use the privileged exec command erase startup-config. Remove SolarWinds TFTP server from the host computer. Select Start | Control Panel. Open Add or Remove Applications. Select SolarWinds, then Remove. Accept defaults. Delete any configuration files saved on the host computers. Unless directed otherwise by the instructor, restore host computer network connectivity, then turn off power to the host computers. Remove anything that was brought into the lab, and leave the room ready for the next class

Page 199: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 9.3: Managing Device Configuration

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 209 of 247

Appendix 1

Purpose Command

Enter the global configuration mode.

configure terminal Example: Router> enable Router# configure terminal Router(config)#

Specify the name for the router. hostname name Example: Router(config)# hostname Router1 Router(config)#

Specify an encrypted password to prevent unauthorized access to the privileged exec mode.

enable secret password Example: Router(config)# enable secret cisco Router(config)#

Specify a password to prevent unauthorized access to the console.

password password login Example: Router(config)# line con 0

Router(config-line)# password class

Router(config-line)# login Router(config)#

Specify a password to prevent unauthorized telnet access. Router vty lines: 0 4 Switch vty lines: 0 15

password password login Example: Router(config)# line vty 0 4

Router(config-line)# password class

Router(config-line)# login Router(config-line)#

Configure the MOTD banner. Banner motd % Example: Router(config)# banner motd % Router(config)#

Configure an interface. Router- interface is OFF by default Switch- interface is ON by default

Example: Router(config)# interface fa0/0 Router(config-if)# description description

Router(config-if)# ip address address mask

Router(config-if)# no shutdown

Router(config-if)#

Save the configuration to NVRAM.

copy running-config startup-config Example: Router# copy running-config startup-config Router#

22B

Page 200: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10: Network Configuration, Testing & Documentation

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 210 of 247

LAB 10

Network Configuration, Testing & Documentation

Page 201: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.1: Configure Host Computers for IP Networking

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 211 of 247

Lab 10.1: Configure Host Computers for IP Networking

140BTopology Diagram

141BLearning Objectives

Upon completion of this lab, you will be able to:

• Design the logical lab topology.

• Configure the physical lab topology.

• Configure the logical LAN topology.

• Verify LAN connectivity.

142BBackground

Hardware Qty Description

Cisco Router 1 Part of CCNA Lab bundle

Cisco Switch 1 Part of CCNA Lab bundle

*Computer (Host) 3 Lab computer

CAT-5 or better straight-through UTP cables

3 Connects Router1 and computers Host1 and Host2 to switch1

Table 1. Equipment and Hardware for this Lab

Gather the necessary equipment and cables. To configure the lab, make sure the equipment listed in Table 1 is available.

143BScenario

In this lab students will create a small network that requires connecting network devices and configuring host computers for basic network connectivity. The Appendix is a reference for configuring the logical network.

Page 202: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.1: Configure Host Computers for IP Networking

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 212 of 247

Task 1: Design the Logical Lab Topology.

1. Given an IP address of 192.168.254.0/24, and 5 bits used for subnets, fill in the following information:

Maximum number of usable subnets: __________

Number of usable Hosts per subnet: __________

IP Address: 192.168.254.0 Subnet mask:

# Subnet First Host address Last Host address Broadcast

0

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

2. Before proceeding, verify your addresses with the instructor. The instructor will assign one

subnetwork per student or team.

Page 203: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.1: Configure Host Computers for IP Networking

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 213 of 247

Task 2: Configure the Physical Lab Topology.

Step 1: Physically connect devices.

1. Cable the network devices as shown in Figure 1.

Figure 1. Cabling the Network

Is a crossover cable needed to connect Host computers to the switch? Why or why not? ________________________________________________________________________

_____________________________________________________________________________ If not already enabled, turn power on to all devices.

Step 2: Visually inspect network connections.

After cabling the network devices, take a moment to verify the connections. Attention to detail now will minimize the time required to troubleshoot network connectivity issues later.

Task 3: Configure the Logical Topology.

Step 1: Document logical network settings.

1. Host computers will use the first two IP addresses in the subnetwork. Write down the IP address information for each device:

Device Subnetwork IP address Mask

Host1

Host2

Figure 2. Logical Topology

2. From the information given in Figure 2, write down the IP network addressing for each computer:

Host 1

IP Address

IP Mask

Host 2

Page 204: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.1: Configure Host Computers for IP Networking

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 214 of 247

Host 1

IP Address

IP Mask

Step 2: Configure Host1 computer.

1. On Computer1, click Start > Control Panel > Network Connections. Right-click the LAN icon, and choose Properties. On the General tab, select Internet Protocol (TCP/IP), and then click the Properties button.

Figure 3. Host1 IP Address and Gateway Settings

2. Refer to Figure 3 for Host1 IP address and gateway settings.

3. When finished, click OK, then click Close. The computer may require a reboot for changes to be effective.

4. Verify proper configuration of Host1 with the ipconfig /all command.

5. Record the output below:

Setting Value

Ethernet device

Physical Address

IP Address

Subnet Mask

Default Gateway

Step 3: Configure Host2.

1. Repeat Step 2 for Host2, using IP address information from the table filled out in Step 1.

2. Verify proper configuration of Host1 with the ipconfig /all command.

3. Record the output below:

Page 205: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.1: Configure Host Computers for IP Networking

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 215 of 247

Setting Value

Ethernet device

Physical Address

IP Address

Subnet Mask

Default Gateway

Task 4: Verify Network Connectivity.

Network connectivity can be verified with the Windows ping command.

1. Use the following table to methodically verify connectivity with each network device:

From To IP Address Ping results

Host1 Host2

Host2 Host1

2. Take corrective action to establish connectivity if a test fails.

Note: If pings to host computers fail, temporarily disable the computer firewall and retest. To disable a Windows firewall, click Start > Control Panel > Windows Firewall, choose Off, and then click OK.

Task 5: Reflection

Review any physical or logical configuration problems encountered during this lab. Make sure you have a thorough understanding of the procedures used to configure a Windows host computer.

Task 6: Challenge

Ask your instructor or another student to introduce one or two problems in your network when you aren’t looking or are out of the lab room. Problems can be either physical (wrong UTP cable) or logical (wrong IP address). To fix the problems:

1. Perform a good visual inspection. Look for green link lights on Switch1.

2. Use the table provided in Task 3, above, to identify failed connectivity. List the problems:

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

3. Write down your proposed solution(s):

________________________________________________________________________

________________________________________________________________________

Page 206: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.1: Configure Host Computers for IP Networking

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 216 of 247

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

4. Test your solution. If the solution fixed the problem, document the solution. If the solution did not fix the problem, continue troubleshooting.

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

Task 7: Clean Up

Unless directed otherwise by the instructor, restore host computer network connectivity, and then turn off power to the host computers. Remove anything that was brought into the lab, and leave the room ready for the next class.

Page 207: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.1: Configure Host Computers for IP Networking

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 217 of 247

Appendix

Page 208: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.2: Network Testing

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 218 of 247

23BLab 10.2: Network Testing

144BTopology Diagram

145BLearning Objectives

Upon completion of this lab, you will be able to:

• Design the logical lab topology.

• Configure the physical lab topology.

• Configure the logical LAN topology.

• Verify LAN connectivity.

146BBackground

Hardware Qty Description

Cisco Router 1 Part of CCNA Lab bundle

Cisco Switch 1 Part of CCNA Lab bundle

*Computer (Host) 3 Lab computer

CAT-5 or better straight-through UTP cables

3 Connects Router1, Host1, and Host2 to switch1

CAT-5 crossover UTP cable 1 Connects Host 1 to Router1

Console (rollover) cable 1 Connects Host1 to Router1 console

Table 1. Equipment and Hardware for this Lab

Gather the necessary equipment and cables. To configure the lab, make sure the equipment listed in Table 1 is available.

The Appendix contains Cisco IOS configuration syntax for this lab.

147BScenario

In this lab, you will create a small network that requires connecting network devices and configuring host computers for basic network connectivity. SubnetA and SubnetB are subnets that are currently needed. SubnetC, SubnetD, SubnetE, and SubnetF are anticipated subnets, not yet connected to the network.

Page 209: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.2: Network Testing

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 219 of 247

Task 1: Design the Logical Lab Topology.

Given an IP address and mask of 172.20.0.0 / 24 (address / mask), design an IP addressing scheme that satisfies the following requirements:

Subnet Number of Hosts

SubnetA As shown in topology diagram

SubnetB Between 80 – 100

SubnetC Between 40 – 52

SubnetD Between 20 – 29

SubnetE 12

SubnetF 5

Note: Always start with the subnet with the largest number of hosts and work your way down.

Therefore, you should start with SubnetB and finish with SubnetA.

Step 1: Design SubnetB address block.

Begin the logical network design by satisfying the requirement of SubnetB, which requires the largest block of IP addresses. Using binary numbers to create your subnet chart, pick the first address block that will support SubnetB.

1. Fill in the following table with IP address information for SubnetB:

Network

Address

Mask First Host

Address

Last Host

Address

Broadcast

2. What is the bit mask in binary?

____________________________________________________

Step 2: Design SubnetC address block.

Satisfy the requirement of SubnetC, the next largest IP address block. Using binary numbers to create your subnet chart, pick the next available address block that will support SubnetC.

1. Fill in the following table with IP address information for SubnetC:

Network

Address

Mask First Host

Address

Last Host

Address

Broadcast

2. What is the bit mask in binary?

____________________________________________________

Step 3: Design SubnetD address block.

Satisfy the requirement of SubnetD, the next largest IP address block. Using binary numbers to create your subnet chart, pick the next available address block that will support SubnetD.

1. Fill in the following table with IP address information for SubnetD:

Network Mask First Host Last Host Broadcast

Page 210: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.2: Network Testing

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 220 of 247

Address Address Address

2. What is the bit mask in binary?

____________________________________________________

Step 4: Design SubnetE address block.

Satisfy the requirement of SubnetE, the next largest IP address block. Using binary numbers to create your subnet chart, pick the next available address block that will support SubnetE.

1. Fill in the following table with IP address information for SubnetE:

Network

Address

Mask First Host

Address

Last Host

Address

Broadcast

2. What is the bit mask in binary?

____________________________________________________

Step 5: Design SubnetF address block.

Satisfy the requirement of SubnetF, the next largest IP address block. Using binary numbers to create your subnet chart, pick the next available address block that will support SubnetF.

1. Fill in the following table with IP address information for SubnetF:

Network

Address

Mask First Host

Address

Last Host

Address

Broadcast

2. What is the bit mask in binary?

____________________________________________________

Step 6: Design SubnetA address block.

Satisfy the requirement of SubnetA, the smallest IP address block. Using binary numbers to create your subnet chart, pick the next available address block that will support SubnetA.

1. Fill in the following table with IP address information for SubnetA:

Network

Address

Mask First Host

Address

Last Host

Address

Broadcast

2. What is the bit mask in binary?

____________________________________________________

Task 2: Configure the Physical Lab Topology.

Step 1: Physically connect lab devices.

1. Cable the network devices as shown in Figure 1. Pay special attention to the crossover cable required between Host1 and Router1.

Page 211: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.2: Network Testing

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 221 of 247

Figure 1. Cabling the Network

2. If not already enabled, turn power on to all devices.

Step 2: Visually inspect network connections.

After cabling the network devices, take a moment to verify the connections. Attention to detail now will minimize the time required to troubleshoot Layer 1 connectivity issues later.

Task 3: Configure the Logical Topology.

Step 1: Document logical network settings.

On SubnetA, Host1 will use the first IP address in the subnet. Router1, interface Fa0/0, will use the last host address. On SubnetB, host computers will use the first and second IP addresses in the subnet, respectively. Router1, interface Fa0/1, will use the last network host address.

To properly route Layer 2 frames between LAN devices, Switch1 does not require Layer 3 configuration. The IP address assigned to Switch 1, interface VLAN 1, is used to establish Layer 3 connectivity between external devices and the switch. Without an IP address, upper-layer protocols such as TELNET and HTTP will not work. The default gateway address permits the switch to respond to protocol requests from devices on distant networks. For example, the IP gateway address extends Layer 3 connectivity beyond Subnet B. Switch1 will use the next-to-last host address.

Write down the IP address information for each device:

Device Subnet IP Address Mask Gateway

Host1

Router1-Fa0/0

Host2

Host3

Switch1

Router1-Fa0/1

Step 2: Configure host computers.

1. On each computer, in turn, click Start > Control Panel > Network Connections. Right-click the LAN icon, and choose Properties. On the General tab, select Internet Protocol (TCP/IP), and then click the, Properties button.

2. Verify that the Host1 Layer 3 IP address is on a different subnet than Host2 and Host3. Configure each host computer using the IP address information recorded in Step 1.

3. Verify proper configuration of each host computer with the ipconfig command and fill in the following table:

Page 212: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.2: Network Testing

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 222 of 247

Device IP Address Mask Default

Gateway

Host1

Host2

Host3

Step 3: Configure Router1.

1. From the Windows taskbar, start the HyperTerminal program by clicking Start > Programs

> Accessories > Communications > HyperTerminal. Configure HyperTerminal for access to Router1. Configuration for Router1 includes the following tasks:

Tasks

(Refer to the Appendix for help with commands)

Specify Router name: Router1

Specify an encrypted privileged EXEC password: cisco

Specify a console access password: class

Specify a telnet access password: class

Configure the MOTD banner

Configure Router1 interface Fa0/0:

• Set the description

• Set the Layer 3 address

• Issue no shutdown

Configure Router1 interface Fa0/1:

• Set the description

• Set the Layer 3 address

• Issue no shutdown

2. Save the configuration in NVRAM.

3. Display the contents of RAM:

4. Write the configuration specifications below:

Hostname: ________________________

Enable secret password: ________________________

Console access password: ________________________

Telnet access password: ________________________

MOTD banner: ________________________

5. Display configuration information for interface Fa0/0: show interface Fa0/0

FastEthernet 0/0 status (up / down): ________________________

Line protocol: ________________________

MAC Address: ________________________

6. Display configuration information for interface Fa0/1: show interface Fa0/1

Page 213: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.2: Network Testing

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 223 of 247

FastEthernet 0/0 status (up / down): ________________________

Line protocol: ________________________

MAC Address: ________________________

7. Display brief IP address information about each interface: show ip interface brief

Interface IP-Address OK? Method Status Protocol FastEthernet0/0 FastEthernet0/1

8. Take corrective action with any problems, and retest.

Step 4: Configure Switch1.

1. Move the console cable from Router1 to Switch1.

2. Press Enter until a response is received.

3. Configuration for Switch1 includes the following tasks:

Tasks

(Refer to the Appendix for help with commands)

Specify Switch name- Switch1

Specify an encrypted privileged exec password- cisco

Specify a console access password- class

Specify a telnet access password- class

Configure the MOTD banner

Configure Switch1 interface Fa0/1: Set the description

Configure Switch1 interface Fa0/2: Set the description

Configure Switch1 interface Fa0/3: Set the description

Configure management VLAN 1 IP address:

• Set the description

• Set the Layer 3 address

• Issue no shutdown

Configure default IP gateway address

4. Display the contents of RAM:

5. Write the configuration specifications below:

Hostname: ________________________

Enable secret password: ________________________

Console access password: ________________________

Telnet access password: ________________________

MOTD banner: ________________________

Page 214: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.2: Network Testing

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 224 of 247

Interface VLAN 1: ________________________

Default IP gateway address: ________________________

6. Display configuration information for interface VLAN 1: show interface vlan1

VLAN 1 status (up / down): ________________________

Line protocol: ________________________

Task 4: Verify Network Connectivity.

Step 1: Use the ping command to verify network connectivity.

Network connectivity can be verified with the ping command. It is very important that connectivity exists throughout the network. Corrective action must be taken if there is a failure.

1. Use the following table to methodically verify connectivity with each network device:

From To IP Address Ping results

Host1 LocalHost (127.0.0.1)

Host1 NIC IP address

Host1 Gateway (Router1, Fa0/0)

Host1 Router1, Fa0/1

Host1 Switch1

Host1 Host2

Host1 Host3

Host2 LocalHost (127.0.0.1)

Host2 NIC IP address

Host2 Host3

Host2 Switch1

Host2 Gateway (Router1, Fa0/1)

Host2 Router1, Fa0/0

Host2 Host1

Host3 LocalHost (127.0.0.1)

Host3 NIC IP address

Host3 Host2

Host3 Switch1

Host3 Gateway (Router1, Fa0/1)

Host3 Router1, Fa0/0

Host3 Host1

Page 215: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.2: Network Testing

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 225 of 247

2. Take corrective action to establish connectivity if a test fails.

Note: If pings to host computers fail, temporarily disable the computer firewall and retest. To disable a Windows firewall, click Start > Control Panel > Windows Firewall, choose Off, and then click OK.

Step 2: Use the tracert command to verify local connectivity.

1. From Host1, issue the tracert command to Host2 and Host3.

2. Record the results:

From Host1 to Host2: ________________________

From Host1 to Host3: ________________________

Step 3: Verify Layer 2 connectivity.

1. If not already connected, move the console cable from Router1 to Switch1.

2. Press the Enter key until there is a response from Switch1.

3. Issue the command show mac-address-table. This command will display static (CPU) and dynamic, or learned, entries.

4. List the dynamic MAC addresses and corresponding switch ports:

MAC Address Switch Port

5. Verify that there are three dynamically learned MAC addresses, one each from Fa0/1, Fa0/2,

and Fa0/3.

Task 5: Reflection

Review any physical or logical configuration problems encountered during this lab. Make sure you have a thorough understanding of the procedures used to verify network connectivity.

Task 6: Challenge

Ask your instructor or another student to introduce one or two problems in your network when you aren’t looking or are out of the lab room. Problems can be either physical (wrong UTP cable) or logical (wrong IP address or gateway). To fix the problems:

1. Perform a good visual inspection. Look for green link lights on Switch1.

2. Use the table provided in Task 3, above, to identify failed connectivity. List the problems:

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

Page 216: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.2: Network Testing

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 226 of 247

___________________________________________________________________________

___________________________________________________________________________

3. Write down your proposed solution(s):

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

4. Test your solution. If the solution fixed the problem, document the solution. If the solution did not fix the problem, continue troubleshooting.

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

___________________________________________________________________________

Task 7: Clean Up

Unless directed otherwise by the instructor, restore host computer network connectivity, and then turn off power to the host computers.

Before turning off power to the router and switch, remove the NVRAM configuration file from each device with the privileged exec command erase startup-config.

Carefully remove cables and return them neatly to their storage. Reconnect cables that were disconnected for this lab.

Remove anything that was brought into the lab, and leave the room ready for the next class.

Appendix—List of Cisco IOS commands used in this lab

Purpose Command

Page 217: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.2: Network Testing

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 227 of 247

Enter the global configuration mode. configure terminal Example: Router>enable Router#configure terminal Router(config)#

Specify the name for the Cisco device. hostname name Example: Router(config)#hostname Router1 Router(config)#

Specify an encrypted password to prevent unauthorized access to the privileged EXEC mode.

Enable secret password Example: Router(config)#enable secret cisco Router(config)#

Specify a password to prevent unauthorized access to the console.

password password login

Example: Router(config)#line con 0

Router(config-line)#password class

Router(config-line)#login Router(config)#

Specify a password to prevent unauthorized Telnet access. Router vty lines: 0 4 Switch vty lines: 0 15

password password login

Example: Router(config)#line vty 0 4

Router(config-line)#password class

Router(config-line)#login Router(config-line)#

Configure the MOTD banner. Banner motd % Example: Router(config)#banner motd % Router(config)#

Configure a Router interface. Router interface is OFF by default

Example: Router(config)#interface Fa0/0 Router(config-if)#description

description

Router(config-if)#ip address address mask

Router(config-if)#no shutdown

Router(config-if)#

Switch interface is ON by default (VLAN interface is OFF by default)

Example: Switch(config)#interface Fa0/0 Switch(config-if)#description

description

Switch(config)#interface vlan1 Switch(config-if)#ip address address mask

Switch(config-if)#no shutdown

Switch(config-if)#

Switch- create a default IP gateway Switch(config)#ip default-gateway address

Save the configuration to NVRAM. copy running-config startup-config Example: Router#copy running-config startup-config

Page 218: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.3: Network Documentation with Utility Commands

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 228 of 247

Lab 10.3: Network Documentation with Utility Commands

148BTopology Diagram

149BLearning Objectives

• Design the logical lab topology.

• Configure the physical lab topology.

• Design and configure the logical LAN topology.

• Verify LAN connectivity.

• Document the network.

150BBackground

Hardware Qty Description

Cisco Router 1 Part of CCNA Lab bundle.

Cisco Switch 1 Part of CCNA Lab bundle.

*Computer (host) 3 Lab computer.

CAT-5 or better straight-through UTP cables

3 Connects Router1, Host1, and Host2 to switch1.

CAT-5 crossover UTP cable 1 Connects host 1 to Router1

Console (rollover) cable 1 Connects Host1 to Router1 console

Table 1. Equipment and hardware for Eagle 1 lab.

Gather the necessary equipment and cables. To configure the lab, make sure the equipment listed in Table 1 is available.

In this lab router and host output will be copied from the devices and into Notepad for use in network documentation. Appendix1 contains tables that can be used to copy output into, or create your own tables.

151BScenario

Network documentation is a very important tool for the organization. A well-documented network enables network engineers to save significant time in troubleshooting and planning future growth.

In this lab students will create a small network that requires connecting network devices and configuring Host computers for basic network connectivity. Subnet A and Subnet B are subnets that are currently needed. Subnet C is an anticipated subnet, not yet connected to the network.

Page 219: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.3: Network Documentation with Utility Commands

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 229 of 247

Task 1: Configure the logical lab topology. Given an IP address of 209.165.200.224 / 27 (address / mask), design an IP addressing scheme that satisfies the following requirements:

Subnet Number of Hosts

Subnet A 2

Subnet B Between 2 - 6

Subnet C Between 10 – 12

Step 1: Design Subnet C address block.

Begin the logical network design by satisfying the requirement for Subnet C, the largest IP address block. Using binary numbers to create your subnet chart, pick the next available address block that will support Subnet C.

Fill in the following table with IP address information for Subnet C:

Network Address Mask First Host address Last Host address Broadcast

What is the bit mask in binary? ______________________

Step 2: Design Subnet B address block.

Satisfy the requirement of Subnet B, the next largest block of IP addresses. Using binary numbers to create your subnet chart, pick the first address block that will support Subnet B.

Fill in the following table with IP address information for Subnet B:

Network Address Mask First Host address Last Host address Broadcast

What is the bit mask in binary? _______________________

Step 3: Design Subnet A address block.

Satisfy the requirement of Subnet A, the smallest IP address block. Using binary numbers to create your subnet chart, pick the next available address block that will support Subnet A.

Fill in the following table with IP address information for Subnet A:

Network Address Mask First Host address Last Host address Broadcast

What is the bit mask in binary? __________________________

Task 2: Configure the Physical Lab Topology.

Step 1: Physically connect lab devices.

Page 220: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.3: Network Documentation with Utility Commands

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 230 of 247

Figure 1. Cabling the network.

Cable the network devices as shown in Figure 1. Pay special attention to the crossover cable required between Host1 and Router1.

If not already enabled, turn power on to all devices.

Step 2: Visually inspect network connections.

After cabling the network devices, take a moment to verify the connections. Attention to detail now will minimize the time required to troubleshoot network connectivity issues later.

Task 3: Configure the Logical Topology.

Step 1: Document logical network settings.

Host computers will use the first two IP addresses in the subnetwork. The network router will use the LAST network host address. Write down the IP address information for each device:

Device Subnet IP address Mask Gateway

Router1-Fa0/0

Host1

Router1-Fa0/1

Host2

Host3

Switch1 N/A N/A N/A N/A

Step 2: Configure host computers.

On each computer in turn, select start | Control Panel | Network Connections. Identify the Local Area Connection device icon. Use the mouse pointer to highlight the icon, right-click, and select properties. Highlight Internet Protocol (TCP/IP), and select Properties. Verify that the Host1 Layer 3 IP address is on a different subnetwork than Host2 and Host3. Configure each host computer using the IP address information recorded in Step 1. Verify proper configuration of each host computer with the ipconfig /all command. Record your information in Appendix1, Network Documentation:

Page 221: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.3: Network Documentation with Utility Commands

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 231 of 247

Step 3: Configure Router1.

From the Widows taskbar, start the HyperTerminal program by clicking on Start | Programs | Accessories | Communications | HyperTerminal. Configure HyperTerminal for access to Router1. Configuration tasks for Router1 include the following:

Task

Specify Router name- Router1

Specify an encrypted privileged exec password- cisco

Specify a console access password- class

Specify a telnet access password- class

Configure the MOTD banner.

Configure Router1 interface Fa0/0- set the description set the Layer 3 address issue no shutdown

Configure Router1 interface Fa0/1- set the description set the Layer 3 address issue no shutdown

Save the configuration in NVRAM. Display the contents of RAM: Copy the output of the configuration into the Router1 configuration table, Appendix 1. Copy the output of the show interface fa0/0 and show interface fa0/1 commands into the Router1 Interface configuration tables, Appendix 1.

Copy the output of the show ip interface brief command into the Router1 IP Address configuration table, Appendix1.

Step 4: Configure Switch1.

Move the console cable from Router1 to Switch1. Press Enter until a response is received. Configuration tasks for Switch1 include the following:

Task

Specify Switch name- Switch1

Specify an encrypted privileged exec password- cisco

Specify a console access password- class

Specify a telnet access password- class

Configure the MOTD banner.

Configure Switch1 interface Fa0/1- set the description

Configure Switch1 interface Fa0/2- set the description

Page 222: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.3: Network Documentation with Utility Commands

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 232 of 247

Configure Switch1 interface Fa0/3- set the description

Display the contents of RAM: Copy the output of the configuration into the Switch1 configuration table, Appendix 1. Copy the output of the show mac address-table command into the Switch1 MAC address table, Appendix 1.

Task 4: Verify Network Connectivity.

Step 1: Use the ping command to verify network connectivity.

Network connectivity can be verified with the ping command. It is very important that connectivity exists throughout the network. Corrective action must be taken if there is a failure. **NOTE: If pings to host computers fail, temporarily disable the computer firewall and retest. To disable a Windows firewall, select Start | Control Panel | Windows Firewall, select OFF, and OK. Use the following table to methodically verify connectivity with each network device. Take corrective action to establish connectivity if a test fails:

From To IP Address Ping results

Host1 LocalHost (127.0.0.1)

Host1 NIC IP address

Host1 Gateway (Router1, Fa0/0)

Host1 Router1, Fa0/1

Host1 Host2

Host1 Host3

Host2 LocalHost (127.0.0.1)

Host2 NIC IP address

Host2 Host3

Host2 Gateway (Router1, Fa0/1)

Host2 Router1, Fa0/0

Host2 Host1

Host3 LocalHost (127.0.0.1)

Host3 NIC IP address

Host3 Host2

Host3 Gateway (Router1, Fa0/1)

Host3 Router1, Fa0/0

Host3 Host1

Page 223: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.3: Network Documentation with Utility Commands

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 233 of 247

Step 2: Use the tracert command to verify local connectivity.

In addition to connectivity testing, the tracert command may also be used as a crude throughput tester for network baselining. That is, with minimal traffic, tracert results can be compared against periods of high traffic. Results can be used to justify equipment upgrades or new purchases. From Host1, issue the tracert command to Router1, Host2, and Host3. Record the results in the Host1 Tracert output, Appendix A. From Host2, issue the tracert command to Host3, Router1, and Host1. Record the results in the Host2 Tracert output, Appendix A. From Host3, issue the tracert command to Host2, Router1, and Host1. Record the results in the Host3 Tracert output, Appendix A.

Task 5: Document the Network.

With all the work performed so far, it would seem that there is nothing left to do. The network was physically and logically configured, verified, and command output copied into tables.

The last step in network documentation is to organize your output. As you organize, think what might be needed six months or a year from now. For example: When was the network created? When was the network documented? Were there any significant challenges that were overcome? Who performed the configuration (talent like this needs to be tracked)? Who performed the documentation (talent like this needs to be tracked)?

These questions should be answered in the documentation, perhaps in a cover letter. Be sure to include the following information: A copy of the physical topology. A copy of the logical topology. Prepare your documentation in a professional format, and submit it to your instructor.

Task 6: Reflection Review any physical or logical configuration problems encountered during this lab. Insure a thorough understanding of the procedures used to verify network connectivity.

Task 7: Challenge Ask your instructor or another student to introduce one or two problems in your network when you aren’t looking or are out of the lab room. Problems can be either physical (cables moved on the switch) or logical (wrong IP address or gateway).

Use your network documentation to troubleshoot and remedy the problems:

1. Perform a good visual inspection. Look for green link lights on Switch1.

Page 224: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.3: Network Documentation with Utility Commands

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 234 of 247

2. Use your network documentation to compare what should be to what is: _________________________________________________________________ _________________________________________________________________ _________________________________________________________________ _________________________________________________________________ _________________________________________________________________

3. Write down your proposed solution(s): _________________________________________________________________ _________________________________________________________________ _________________________________________________________________ _________________________________________________________________ _________________________________________________________________

4. Test your solution. If the solution fixed the problem, document the solution. If the solution did not fix the problem, continue troubleshooting. _________________________________________________________________ _________________________________________________________________ _________________________________________________________________ _________________________________________________________________ _________________________________________________________________ _________________________________________________________________

Task 8: Clean Up.

Unless directed otherwise by the instructor, restore host computer network connectivity, then turn off power to the host computers. Before turning off power to the router and switch, remove the NVRAM configuration file from each device with the privileged exec command erase startup-config. Carefully remove cables and return them neatly to their storage. Reconnect cables that were disconnected for this lab. Remove anything that was brought into the lab, and leave the room ready for the next class. Appendix 1- Network Documentation Host tables created from Task 3, Step 2:

Host1 Network Configuration

Host Name

IP Routing Enabled

Ethernet adapter

Description

Physical Address

IP Address

Subnet Mask

Default Gateway

Page 225: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.3: Network Documentation with Utility Commands

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 235 of 247

Host2 Network Configuration

Host Name

IP Routing Enabled

Ethernet adapter

Description

Physical Address

IP Address

Subnet Mask

Default Gateway

Host3 Network Configuration

Host Name

IP Routing Enabled

Ethernet adapter

Description

Physical Address

IP Address

Subnet Mask

Default Gateway

Router1 configuration from Task 3, Step 3:

Router1 Configuration

Router1 Interface Fa0/0 configuration from Task 2, Step 3:

Page 226: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.3: Network Documentation with Utility Commands

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 236 of 247

Router1 Interface fa0/1 configuration from Task 3, Step 3:

Router1 IP Address configuration from Task 3, Step 3:

Page 227: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.3: Network Documentation with Utility Commands

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 237 of 247

Switch1 Configuration from Task 3, Step 4:

Switch1 MAC address-table from Task 3, Step 4:

Traceroute results from Host1 Task 4, Step 2:

Traceroute results from Host2 Task 4, Step 2:

Traceroute results from Host3 Task 4, Step 2:

Page 228: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Lab 10.3: Network Documentation with Utility Commands

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 238 of 247

Page 229: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Case Study 1- Datagram Analysis with Wireshark

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 239 of 247

Case Study 1- Datagram Analysis with Wireshark

152BLearning Objectives

Upon completion of this exercise, students will be able to demonstrate:

• How a TCP segment is constructed, and explain the segment fields.

• How an IP packet is constructed, and explain the packet fields.

• How an Ethernet II frame is constructed, and explain the frame fields.

• Contents of an ARP REQUEST and ARP REPLY.

153BBackground

This lab requires two captured packet files and Wireshark, a network protocol analyzer. Download the following files from Eagle server, and install Wireshark on your computer if it is not already installed:

• eagle1_web_client.pcap (discussed)

• eagle1_web_server.pcap (reference only)

• wireshark.exe

154BScenario

This exercise details the sequence of datagrams that are created and sent across a network between a web client, PC_Client, and web server, eagle1.example.com. Understanding the process involved in sequentially placing packets on the network will enable the student to logically troubleshoot network failures when connectivity breaks. For brevity and clarity, network packet noise has been omitted from the captures. Before executing a network protocol analyzer on a network that belongs to someone else, be sure to get permission- in writing. Figure 1 shows the topology of this lab.

Figure 1. Network Topology.

Using Microsoft ® command line tools, IP configuration information and the contents of ARP cache are displayed. Refer to Figure 2.

Page 230: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Case Study 1- Datagram Analysis with Wireshark

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 240 of 247

C: > ipconfig / all

Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT

Network Connection Physical Address. . . . . . . . . : 00:02:3f:7e:37:da Dhcp Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 10.1.1.1 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 10.1.1.254 DNS Servers . . . . . . . . . . . : 10.1.1.250 C: > arp –a

No ARP Entries Found C: >

Figure 2. PC Client initial network state.

A web client is started, and URL eagle1.example.com is entered, as shown in Figure 3. This begins the communication process to the web server, and where the captured packets start.

Figure 3. PC Client with web browser.

Task 1: Prepare the Lab.

Step 1: Start Wireshark on your computer. Refer to Figure 4 for changes to the default output. Uncheck Main toolbar, Filter toolbar, and Packet Bytes. Verify that Packet List and Packet Details are checked. To insure there is no automatic translation in MAC addresses, de-select Name Resolution for MAC layer and Transport Layer.

Page 231: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Case Study 1- Datagram Analysis with Wireshark

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 241 of 247

Figure 4. Wireshark default view changes.

Step 2: Load the web client capture, eagle1_web_client.pcap. A screen similar to Figure 5 will be displayed. Various pull-down menus and sub-menus are available. There are also two separate data windows. The top Wireshark window lists all captured packets. The bottom window contains packet details. In the bottom window, each line that contains a check box, � indicates that additional information is available.

Figure 5. Wireshark with file eagle1_web_client.pcap loaded.

Task 2: Review the Process of Data Flowing through the Network.

Step 1: Review Transport layer operation. When PC_Client builds the datagram for a connection with eagle1.example.com, the datagram travels down the various network Layers. At each Layer, important header information is added. Because this communication is from a web client, the Transport Layer protocol will be TCP. Consider the TCP segment, shown in Figure 6. PC_Client generates an internal TCP port address, in this conversation 1085, and knows the well-known web server port address, 80. Likewise, a sequence number has been internally generated. Data is included, provided by the

Page 232: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Case Study 1- Datagram Analysis with Wireshark

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 242 of 247

Application Layer. Some information will not be known to PC_Client, so it must be discovered using other network protocols. There is no acknowledgement number. Before this segment can move to the Network Layer, the TCP three-way handshake must be performed.

16

TCP Segment

Source PortSource Port Destination PortDestination Port

0 31

Sequence NumberSequence Number

Acknowledgement NumberAcknowledgement Number

Data OffsetData Offset

4 7

ReservedReserved ECNECN

10

Control BitsControl Bits WindowWindow

ChecksumChecksum Urgent PointerUrgent Pointer

Options and PaddingOptions and Padding

DataData

Figure 6. TCP Segment fields.

Step 2: Review Network layer operation. At the Network Layer, the IPv4 (IP) PACKET has several fields ready with information. This is shown in Figure 7. For example, the packet Version (IPv4) is known, as well as the source IP address. The destination for this packet is eagle1.example.com. The corresponding IP Address must be discovered through DNS (Domain Name Services). Until the upper layer datagram is received, fields related to the upper layer protocols are empty.

16

IP Packet

Total LengthTotal Length

0 314 8 10

Source IP AddressSource IP Address

DataData

VersionVersion IHLIHL TOSTOS

IdentificationIdentification FlagsFlags Fragment OffsetFragment Offset

TTLTTL ProtocolProtocol Header ChecksumHeader Checksum

Destination IP AddressDestination IP Address

Figure 7. IP Packet fields.

Step 3: Review Data Link layer operation. Before the datagram is placed on the physical medium, it must be encapsulated inside a frame. This is shown in Figure 8. PC_Client has knowledge of the source MAC address, but must discover the destination MAC address. The destination MAC address must be discovered.

Preamble

8 Octets

Destination

Address

6 Octets

SourceAddress

6 Octets

Frame

Type

2 Octets

Data

46-1500 Octets

CRC

4 Octets

Ethernet II Frame Format

Figure 8. Ethernet II frame fields.

Task 3: Analyze Captured Packets.

Step 1: Review the data flow sequence.

Page 233: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Case Study 1- Datagram Analysis with Wireshark

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 243 of 247

A review of missing information will be helpful in following the captured packet sequence:

a. The TCP segment cannot be constructed because the acknowledgement field is blank. A TCP 3-way handshake with eagle1.example.com must first be completed.

b. The TCP 3-way handshake cannot occur because PC_Client does not know the IP address for eagle1.example.com. This is resolved with a DNS request from PC_Client to the DNS the server.

c. The DNS server cannot be queried because the MAC address for the DNS server is not known. The ARP protocol is broadcast on the LAN to discover the MAC address for the DNS server.

d. The MAC address for eagle1.example.com is unknown. The ARP protocol is broadcast on the LAN to learn the destination MAC address for eagle1.example.com.

Step 2: Examine the ARP request. Refer to Wireshark, Packet List window, No. 1. The captured frame is an ARP (Address Resolution Protocol) Request. Contents of the Ethernet II frame can be viewed by clicking on the check box in the second line of the Packet Details window. Contents of the ARP Request can be viewed by clicking on the ARP Request line in the Packet Details window.

1. What is the source MAC address for the ARP Request? _____________________ 2. What is the destination MAC address for the ARP Request? _____________________

3. What is the unknown IP address in the ARP Request? ______________________

4. What is the Ethernet II Frame Type? _____________________

Step 3: Examine the ARP reply. Refer to Wireshark, Packet List window, No. 2. The DNS server sent an ARP Reply.

1. What is the source MAC address for the ARP Reply? _____________________ 2. What is the destination MAC address for the ARP Request? _____________________ 3. What is the Ethernet II Frame Type? _____________________ 4. What is the destination IP address in the ARP Reply? _____________________ Based on the observation of the ARP protocol, what can be inferred about an ARP Request

destination address and an ARP Reply destination address? ____________________________________________________________________

____________________________________________________________________

5. Why did the DNS server not have to send an ARP Request for the PC_Client MAC address?

6. ____________________________________________________________________

Page 234: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Case Study 1- Datagram Analysis with Wireshark

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 244 of 247

____________________________________________________________________

Step 4: Examine the DNS query. Refer to Wireshark, Packet List window, No. 3. PC_Client sent a DNS query to the DNS server. Using the Packet Details window, answer the following questions:

1. What is the Ethernet II Frame Type? _____________________ 2. What is the Transport Layer protocol, and what is the destination port number?

_____________________

Step 5: Examine the DNS query response. Refer to Wireshark, Packet List window, No. 4. The DNS server sent a DNS query response to PC_Client. Using the Packet Details window, answer the following questions:

1. What is the Ethernet II Frame Type? _____________________ 2. What is the Transport Layer protocol, and what is the destination port number?

_____________________ 3. What is the IP address for eagle1.example.com? _____________________ A colleague is a firewall administrator, and asked if you thought of any reason why all UDP

packets should not be blocked from entering the internal network. What is your response? ____________________________________________________________________

____________________________________________________________________

Step 6: Examine the ARP request. Refer to Wireshark, Packet List window, No. 5 and No 6. PC_Client sent an ARP Request to IP address 10.1.1.254. 1. Is this IP address different than the IP address for eagle1.example.com? Explain?

____________________________________________________________________

____________________________________________________________________

Step 7: Examine the TCP 3-way handshake. Refer to Wireshark, Packet List window, No. 7, No. 8, and No. 9. These captures contain the TCP 3-way handshake between PC_Client and eagle1.example.com. Initially, only the TCP SYN flag is set on the datagram sent from PC_Client, sequence number 0. eagle1.example.com responds with the TCP ACK and SYN flags set, along with an acknowledgement of 1 and sequence of 0. In the Packet List window, there is an unexplained value, MSS=1460. MSS stands for Maximum Segment size. When a TCP segment is transported over IPv4, MSS is computed to be the maximum size of an IPv4 datagram minus 40 bytes. This value is sent during connection startup. This is also when TCP sliding windows are negotiated.

Page 235: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Case Study 1- Datagram Analysis with Wireshark

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 245 of 247

1. If the initial TCP sequence value from PC_Client is 0, why did eagle1.example respond with an acknowledgement of 1?

____________________________________________________________________

____________________________________________________________________ 2. In eagle1.example.com, No. 8, What does the IP Flag value of 0x04 mean? ____________________________________________________________________

____________________________________________________________________

3. When PC_Client completes the TCP 3-way handshake, Wireshark Packet List No 9, what are the TCP flag states returned to eagle1.example.com?

____________________________________________________________________

Task 4: Complete the Final Analysis.

Step 1: Match the Wireshark output to the process. It has taken a total of nine datagrams sent between PC_Client, DNS server, Gateway, and eagle1.example.com before PC_Client has sufficient information to send the original web client request to eagle1.example.com. This is shown in Wireshark Packet List No. 10, where PC_Client sent a web protocol GET request.

1. Fill in the correct Wireshark Packet List number that satisfies each of the following missing entries: a. The TCP segment cannot be constructed because the acknowledgement field is blank.

A TCP 3-way handshake with eagle1.example.com must first be completed. b. ________ c. The TCP 3-way handshake cannot occur because PC_Client does not know the IP

address for eagle1.example.com. This is resolved with a DNS request from PC_Client to the DNS the server. ________

Page 236: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Case Study 1- Datagram Analysis with Wireshark

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 246 of 247

d. The DNS server cannot be queried because the MAC address for the DNS server is not known. The ARP protocol is broadcast on the LAN to discover the MAC address for the DNS server. ________

e. The MAC address for the gateway to reach eagle1.example.com is unknown. The ARP protocol is broadcast on the LAN to learn the destination MAC address for the gateway. ________

2. Wireshark Packet List No. 11 is an acknowledgement from eagle1.example.com to the PC_Client GET request, Wireshark Packet List No. 10.

3. Wireshark Packet List No. 12, 13 and 15 are TCP segments from eagle1.example.com. Wireshark Packet List No. 14 and 16 are ACK datagrams from PC_Client.

4. To verify the ACK, highlight Wireshark Packet List No. 14. Next, scroll down to the bottom of the detail list window, and expand the [SEQ/ACK analysis] frame. The ACK datagram for Wireshark Packet List No. 14 is a response to which datagram from eagle1.example.com? _______________

5. Wireshark Packet List No. 17 datagram is sent from PC_Client to eagle1.example.com. Review the information inside the [SEQ/ACK analysis] frame. What is the purpose of this datagram? ________

6. When PC_Client is finished, TCP ACK and FIN flags are sent, shown in Wireshark Packet List No. 18. eagle1.example.com responds with a TCP ACK, and the TCP session is closed.

Step 2: Use Wireshark TCP Stream. Analyzing packet contents can be a daunting experience, time consuming and error prone. Wireshark includes an option that constructs the TCP Stream in a separate window. To use this feature, first select a TCP datagram from the Wireshark Packet List. Next, select Wireshark menu options Analyze | Follow TCP Stream. A window similar to Figure 9 will be displayed.

Figure 9. Output of the TCP stream.

Task 5: Conclusion Using a network protocol analyzer can serve as an effective learning tool for understanding critical elements of network communication. Once the network administrator is familiar with communication protocols, the same protocol analyzer can become an effective troubleshooting tool when there is network failure. For example, if a web browser could not connect to a web server there could be multiple causes. A protocol analyzer will show unsuccessful ARP requests, unsuccessful DNS queries, and unacknowledged packets.

Page 237: Networking Fundamentals Lab Workbook

Network Fundamentals EEET 2320 Case Study 1- Datagram Analysis with Wireshark

Document: Networking Fundamentals Lab Workbook Author: CISCO, Compiled by: Mohammad Hassan Save Date: 14/02/2010 School of Engineering (TAFE) Page 247 of 247

Task 6: Summary In this exercise the student has learned how communication between a web client and web server communicate. Behind-the-scene protocols such as DNS and ARP are used to fill in missing parts of IP packets and Ethernet frames, respectively. Before TCP session can begin, the TCP 3-way handshake must build a reliable path and supply both communicating ends with initial TCP header information. Finally, the TCP session is destroyed in an orderly manner with the client issuing a TCP FIN flag.